Comparing Type Systems for Deadlock Freedom

arXiv:1810.00635v4 [cs.LO] 6 Sep 2021 hog h lse fwl-ye rcse htte induce they that processes well-typed of expressive classes their the through influence [ strongly forward processes put been message-passing have types, (“pro session correspondence Curry-Howard and of style the in concurrency, [ behavior process discipline that systems p message-passing [ about paradigms reason distributed and and represent to us enables which and include examples communication; ciplined the for systems type various intpspooeatp-ae praht omncto co communication into to structured approach are type-based a promote types sion etie)cretespoete are properties a correctness safety s tertwined) different process through against communications correct checked enforce are types which types session as stracted nti ae,w omlyrlt ieettp ytm o co for systems type different relate formally [ we calculus paper, this In Introduction 1 u neeti in is interest Our eso types session nw bu h rcs eainhpbtenteetp sys type induce. these between concur relationship for precise the properties about these known ensure systems prope type liveness various by and expressed been has requirement communicating intuitive among protocols intended follow to expected eas rvd w yepeevn rnltoso proces of translations type-preserving two provide also We rcse htgaatedalc reo.W opr w c two compare We freedom. deadlock guarantee that processes eedenoted here ain fcascllna oi rpstosa eso t session as propositions logic linear classical of tations ye noKbysislna ye ihuae,icue p includes usages, that with show We types linear Kobayashi’s into types nvriyo lso,UK Glasgow, of University i ae usfradtefis oprtv td fdifferen of study comparative first the forward puts paper is esg-asn owr ytm xii o-rva form non-trivial exhibit systems soware Message-passing MPW92 oprn yeSsesfrDalc Freedom Deadlock for Systems Type Comparing reaDardha Ornela .Afnaetlmdlo optto,the computation, of model fundamental A ]. [ L Hon93 L sessions and ssrcl nlddin included strictly is eso-ae concurrency session-based K , eclass e . ai omncto nt;dsrpin fitrcinseque interaction of descriptions units; communication basic , THK94 SW01 π cluu aervae ihlnsaeo oesfrconcurr for models of landscape rich a revealed have -calculus .Aohrdsicieapc fthe of aspect distinctive Another ]. , HVK98 L omncto safety communication tnsotfriscnnct:i eut rmCurry-Howard from results it canonicity: its for out stands K etme ,2021 7, September n dniytepeiecniin ne hc hycoinc they which under conditions precise the identify and , .I h atdcd,lgclfudtosfrmessage-passing for foundations logical decade, last the In ]. San02 rp types graph CP10 h oe fcnurnycpue yssintps Ses- types. session by captured concurrency of model the , nvriyo rnne, Netherlands e Groningen, of University Abstract .FloigMle’ eia okon work seminal Milner’s Following ]. , Wad12 1 [ ps eclass e ypes. Yos96 .B icpiigteueo hnes ye for types channels, of use the disciplining By ]. e in ses te uha rgeso da)okfreedom (dead)lock or progress as such rties oessnttpbei te yesystems. type other in typable not rocesses esadtecasso ye rcse they processes typed of classes the and tems and etpoess notntl,vr il is lile very Unfortunately, processes. rent sacnrlteei hswork. this in theme central a is evcs u lot ee gtsuk.is stuck”. “get never to also but services, eictos nssinbsdconcurrency, session-based In pecifications. fcnurnyaddsrbto;te are they distribution; and concurrency of s ], π es otatn ieettp systems type different Contrasting ness. cluu tnsotfrisexpressiveness, its for out stands -calculus asso edokfe ye processes, typed deadlock-free of lasses og .P A. Jorge iertypes linear rcns:daousbtenparticipants between dialogues rrectness: dlvns rpris w ai adin- (and basic Two properties. liveness nd eso fidelity session K oiin stps)btenlna logic linear between types”) as positions cretpoessseie nthe in specified processes ncurrent orm nfntoa,object-oriented, functional, in rograms yessesfrmessage-passing for systems type t nopoessin processes into π K cluu sisspotfrrc type rich for support its is -calculus bandb noigsession encoding by obtained , erez [ ´ KPT96 hl h omrensures former the while : L ], . eei types generic csaete ab- then are nces sorting interpre- nywt dis- with ency ide. [ Mil91 [ IK04 π ], ], - absence of errors (e.g., communication mismatches), the laer ensures that well-typed processes respect the protocols prescribed by session types. A very desirable liveness property for safe processes is that they should never “get stuck”. is is the well-known progress property, which asserts that a well-typed term either is a final value or can further reduce [Pie02]. In calculi for concurrency, this property admits several formalizations; two of them are deadlock freedom and lock freedom. Intuitively, deadlock freedom ensures that communications will eventually succeed unless the whole process diverges [Kob06]; lock freedom is a stronger property: it guarantees that communications will eventually succeed, regardless of whether processes diverge, modulo some fairness assumption on the scheduler [Kob02]. Notice that in the absence of divergent behaviors, deadlock freedom and lock freedom coincide. Another formalization, which we call here session progress, has been proposed for session-based concurrency [CD10, CDM14]: “a process has session progress if combined with another process providing the corresponding co-actions (a so-called catalyzer), then the composition reduces”. We will say that a process is composable if it can be composed with an appropriate catalyzer for some of its actions, or uncomposable otherwise. Carbone et al. [CDM14] proved that session progress and (dead)lock freedom coincide for uncomposable processes; for composable processes, session progress states potential (dead)lock freedom. We will return to this informal distinction between composable and uncomposable processes below (Definition 2.2 will make it formal). ere is a vast literature on type systems for which typability enforces (dead)lock freedom or session progress—see, e.g.,[Kob02, Kob06, DdY08, CD10, CP10, CPT16, Pad13, VV13, Pad14, GKL14, KL17, DG18, BTP19]. Unfortunately, these sophisticated systems rely on different principles and/or consider different variants of the (session) π-calculus. Also, different papers sometimes use different terminology and notions. As a result, very lile is known about the relationship between these type systems. ese observations led us to our research questions: How do the type systems for liveness properties relate to each other? What classes of deadlock-free processes do they induce? is paper presents the first formal comparison between different type systems for the π-calculus that enforce liveness properties related to (dead)lock freedom. More concretely, we tackle the above open questions by comparing L and K, two salient classes of deadlock-free (session) typed processes:

• e class L contains session processes that are well-typed under the Curry-Howard correspondence between (classical) linear logic propositions and session types [CP10, CPT16, Wad12]. is suﬃces, because the type system derived from such a correspondence simultaneously ensures communication safety, session ﬁdelity, and deadlock freedom.

• e class K contains session processes that enjoy communication safety and session ﬁdelity (as ensured by the type system of Vasconcelos [Vas12]) as well as satisfy deadlock freedom. is class of processes is deﬁned indirectly, by combining Kobayashi’s type system based on usages [Kob02, Kob06, Kob07] with encodability results by Dardha et al. [DGS12].

Let us clarify the nature of processes in L and K. As Deﬁnition 4.4 formally states, processes in L and K are typed under some typing context, possibly non empty. As such, these classes contain both composable processes (if the typing context is not empty) and uncomposable processes (otherwise). us, strictly speaking, processes in L and K have session progress (as described above), which is strictly weaker than deadlock freedom, because a process satisfying session progress does not necessarily satisfy deadlock freedom. is is trivially true for composable processes, which need a catalyzer [CDM14]. However, since we shall focus on uncomposable processes, for which session progress and deadlock freedom coincide, we shall refer to L and K as classes of deadlock-free processes.

2 ere are good reasons for investigating L and K. On one hand, due to its deep logical foundation, the class L appears to us as the canonical class of deadlock-free session processes, upon which all other classes should be compared. Indeed, this class arguably oﬀers the most principled yardstick for comparisons. On the other hand, the class K integrates session type checking with the sophisticated usage discipline developed by Kobayashi for π-calculus processes. is indirect approach to deadlock freedom, developed in [CDM14, Dar16], is general: it can capture sessions with subtyping, polymorphism, and higher-order communication. Also, as discussed in [CDM14], K strictly includes classes of session typed processes induced by other type systems for deadlock freedom [DdY08, CD10, Pad13].

Contributions is paper contributes technical results that, on the one hand, separate the classes L and K by precisely characterizing the fundamental diﬀerences between them and, on the other hand, unify these classes by showing how their diﬀerences can be overcome to translate processes in K into processes into L. More in details:

• To separate L from K, we define µK: a sub-class of K whose definition internalizes the key aspects of the Curry-Howard interpretations of session types. In particular, µK adopts the principle of “composition plus hiding”, a distinguishing feature of the interpretations in [CP10, Wad12], by which concurrent cooperation is restricted to the sharing of exactly one session channel. We show that L and µK coincide (eorem 4.1). is gives us a separation result: there are deadlock- free session processes that cannot be typed by systems derived from the Curry-Howard interpretation of session types [CP10, CPT16, Wad12], but that are admied as typable by the (indirect) approach of [CDM14, Dar16]. • To unify L and K, we define two translations of processes in K into processes in L (Definition 5.4 and C.10). Intuitively, because the difference between L and K lies in the forms of parallel composition they admit (restricted in L, liberal in K), it is natural to transform a process in K into another, more parallel process in L. In essence, the first translation, denoted L·M (Definition 5.4), exploits type information to replace sequential prefixes with representative parallel components; the second translation refines this idea by considering value dependencies, i.e., causal dependencies between independent sessions not captured by types. Our translations satisfy type-preservation and operational correspondence properties (eorems 5.1, 5.2, C.1, and C.2).

Our separation result is significant as it establishes the precise status of logically motivated systems with respect to previous disciplines, not based on Curry-Howard principles. It also provides a new characterization for linear logic-based processes, leveraging a very different type system for deadlock freedom [Kob06]. Also, our unifying result is insightful because it shows that the differences between the two classes of processes manifest themselves rather subtly at the level of process syntax, and can be eliminated by appropriately exploiting information at the level of types. To further illustrate these salient points, consider the process

P , (νxy)(νwz)(x(s).whsi | yhni.z(u)) where, following the syntax of the type system of Vasconcelos [Vas12], we use the restriction (νxy) to indicate that x and y are the two endpoints of the same channel (and similarly for (νwz)). Also, n denotes a terminated channel. Process P belongs to the class K. It consists of two processes in parallel, each implementing two separate sessions in sequence; as such, P does not respect the monolithic structure imposed

3 P f Figure 9: J·Kℓ (processes) Γ ⊢ST P [Vas12] Figure 7: J·Ku (processes) f Definition 4.2: J·Kℓ (contexts) Definition 3.11: J·Ku (contexts) L K JP Kℓ ⊢LL JΓKℓ f µ f DF: eorem 3.2 JΓKu ⊢ JP Ku m. 4.1 ≺ µK f f JΓKu ⊢≺ JP Ku DF: Corollary 3.2 Definition 5.4: Translation L·M

Figure 1: Summary of type systems, languages with deadlock freedom (DF), and encodings between them (indicated by solid black arrows). Main results are denoted by green lines: our separation result, based on the coincidence of L and µK is indicated by the solid line with reversed arrowheads; our unifying result is indicated by the dashed arrow. by “composition plus hiding”. Our separation result is that P falls outside µK, the strict sub-class of K that adheres to “composition plus hiding”. Now, process P has an operationally equivalent cousin, the process

Q , (νxy)(νwz)(x(s).whsi | yhni | z(u)) which is structurally equivalent to one that is more parallel and respects “composition plus hiding”:

Q ≡ (νwz)((νxy)(x(s).whsi | yhni) | z(u))

Our unifying result is that all processes in K but outside of µK have these kind of more parallel, operationally equivalent cousins, which respect the “composition plus hiding” principle that characterizes class L. To our knowledge, our work is the first to formally compare fundamentally distinct type systems for deadlock freedom in message-passing processes. Previous comparisons by Carbone et al. [CDM14] and Caires et al. [CPT16, §6], are informal: they are based on representative “corner cases”, namely examples of deadlock-free session processes typable in one system but not in some other. Figure 1 summarizes the different type systems and ingredients needed to define K and L.

Paper Organization In § 2 we summarize the session π-calculus and the type system of [Vas12]. In § 3 we present the two typed approaches to deadlock freedom for sessions. §4 defines the classes L and K, the strict sub-class µK, and shows that L = µK (eorem 4.1). § 5 presents our first translation of K into L and establishes its correctness properties. e optimization with value dependencies is discussed in §5.3. Enforcing deadlock freedom by typing is already challenging for processes without constructs such as recursion or replication. For this reason, here we concentrate on finite processes; in § 6 we discuss the case of processes with

4 P,Q ::= xhvi.P (output) | 0 (inaction) | x(y).P (input) | P | Q (composition)

| x⊳lj .P (selection) | (νxy)P (session restriction)

| x⊲ {li : Pi}i∈I (branching) v ::= x (channel)

(R-Com) (νxy)(xhvi.P | y(z).Q) → (νxy)(P | Q[v/z])

(R-Case) (νxy)(x⊳lj .P | y⊲ {li : Pi}i∈I ) → (νxy)(P | Pj ) j ∈ I (R-Par) P → Q =⇒ P | R → Q | R (R-Res) P → Q =⇒ (νxy)P → (νxy)Q (R-Str) P ≡ P ′, P → Q,Q′ ≡ Q =⇒ P ′ → Q′

Figure 2: e session π-calculus: syntax (top) and semantics (boom). unbounded behavior (with constructs such as replication and recursion) and connections with other logical interpretations of session types. §7 compares with related works and §8 collects some concluding remarks. Omied technical details are included in the appendices. is paper is a revised version of the workshop paper [DP15], extended with new material: we present full technical details and additional examples not presented in [DP15]. Also, we present updated comparisons with related works. e separation result based on the coincidence with the sub-class µK, given in §4, is new. Moreover, the first translation, presented in [DP15] and given in §5, has been substantially simplified and its correctness properties have been refined. e second translation, based on value dependencies and discussed in §5.3, is new to this paper. e content of §6 is also original to this presentation.

2 Session π-calculus

We present the session π-calculus and its corresponding type system: the linear fragment of the type system by Vasconcelos [Vas12], which ensures communication safety and session fidelity (but not progress nor deadlock freedom). Below we follow the definitions and results from [Vas12], pointing out differences where appropriate.

2.1 Process Model Let P,Q,... range over processes, x, y, . . . over channel names (or session endpoints), and v, v′,... over values; for simplicity, the sets of values and channels coincide. In examples, we use n to denote a terminated channel that cannot be further used. We brieﬂy comment on the syntax of processes, given in Figure 2 (upper part). e main diﬀerence with respect to the syntax in [Vas12] is that we do not consider boolean values nor conditional processes (if-then- else). Process xhvi.P denotes the output of v along x, with continuation P . Dually, process x(y).P denotes an input along x with continuation P , with y denoting a placeholder. Rather than the non-deterministic

5 choice of the untyped π-calculus [MPW92], the session π-calculus includes operators for (deterministic) internal and external labelled choices, denoted x⊳lj.P and x⊲ {li : Pi}i∈I , respectively. Process x⊳lj .P uses x to select lj from a labelled choice process x⊲ {li : Pi}i∈I , so as to trigger Pj ; labels are indexed by the finite set I and are pairwise distinct. We also have the inactive process (denoted 0), the parallel composition of P and Q (denoted P | Q), and the double restriction operator, noted (νxy)P : the intention is that x and y denote dual session endpoints with scope P . We omit 0 whenever possible and write, e.g., xhni instead of xhni.0. We will write P to denote the session π-calculus processes generated by the grammar in Figure 2. Notions of free and bound names in processes are exactly as in [Vas12]. at is, name y is bound in x(y).P and names x and y are bound in (νxy)P . A name that does not occur bound within a process is said to be free; the set of free names of P is denoted fn(P ). We write P [v/z] to denote the (capture-avoiding) substitution of free occurrences of z in P with v. Finally, we follow Barendregt’s variable convention, whereby all names in binding occurrences in any mathematical context are pairwise distinct and also distinct from the free names. e operational semantics is given in terms of a reduction relation, noted P → Q, and defined by the rules in Figure 2 (lower part). Reduction relies on a standard notion of structural congruence, noted ≡, defined by the following axioms:

P | Q ≡ Q | P (P | Q) | R ≡ P | (Q | R) P | 0 ≡ P (νxy)P | Q ≡ (νxy)(P | Q) (νxy)0 ≡ 0 (νwx)(νyz)P ≡ (νyz)(νwx)P

Key rules in Figure 2 are (R-Com) and (R-Case), denoting the interaction of output/input prefixes and selection/branching constructs, respectively. Observe that interaction involves prefixes with different channels (endpoints), and always occurs in the context of an outermost double restriction. Rules (R-Par),(R-Res), and (R- Str) are standard [Vas12]. We write →∗ to denote the reflexive, transitive closure of →.

2.2 Type System e syntax of session types, ranged over T, S, . . ., is given by the following grammar.

T,S ::= ?T.S | !T.S | &{li : Si}i∈I | ⊕{li : Si}i∈I | end

e type ?T.S is assigned to an endpoint that first receives a value of type T and then continues according to the protocol described by S. Dually, type !T.S is assigned to an endpoint that first outputs a value of type T and then continues according to the protocol described by S. Type &{li : Si}i∈I is used for external choices, and generalises input types; dually, type ⊕{li : Si}i∈I is used for internal choices, and generalises output types. Finally, end is the type of an endpoint with a terminated protocol. Notice that session types describe protocols as sequences of actions; they do not admit parallel operators. With respect to the syntax of types in [Vas12], we only consider channel endpoint types (no ground types such as bool). Also, types in the system in [Vas12] can be qualified aseither linear or unrestricted. Our session types are linear—the only unrestricted session type is end. Focusing on linear types suffices for our purposes, and leads to simplifications in typing rules and auxiliary notions, such as well-formedness (see below). A central notion in session-based concurrency is duality, which relates session types offering opposite (i.e., complementary) behaviors; it stands at the basis of communication safety and session fidelity. Given

6 (T-Nil) (T-Par) (T-Res) un(Γ) Γ1 ⊢ST P Γ2 ⊢ST Q Γ, x : T,y : T ⊢ST P

Γ ⊢ST 0 Γ1, Γ2 ⊢ST P | Q Γ ⊢ST (νxy)P

(T-In) (T-Out) Γ, x : S,y : T ⊢ST P Γ, x : S ⊢ST P Γ, x : ?T.S ⊢ST x(y).P Γ, x :!T.S, y : T ⊢ST xhyi.P

(T-Brch) (T-Sel) Γ, x : Si ⊢ST Pi ∀i ∈ I Γ, x : Sj ⊢ST P ∃j ∈ I

Γ, x :&{li : Si}i∈I ⊢ST x⊲ {li : Pi}i∈I Γ, x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P

Figure 3: Typing rules for the session π-calculus. a session type T , its dual type T is deﬁned as follows:

end , end !T.S , ?T.S ?T.S , !T.S ⊕{li : Si}i∈I , &{li : Si}i∈I &{li : Si}i∈I , ⊕{li : Si}i∈I

Typing contexts, ranged over by Γ, Γ′, are produced by the following grammar:

Γ, Γ′ ::= ∅ | Γ, x : T where ‘∅’ denotes the empty context. We standardly require the variables appearing in a context to be pairwise distinct. It is oen convenient to treat typing contexts as sets of typing assignments x : T . is way, e.g., we write x : T ∈ Γ if Γ=Γ′, x : T , for some Γ′. We write un(Γ) if and only if x : T ∈ Γ implies T = end. We sometimes write Γun to indicate that un(Γ). Given a context Γ and a process P , a session typing judgment is of the form Γ ⊢ST P . If Γ is empty, we write ⊢ST P . Typing rules are given in Figure 3. Rule (T-Nil) states that 0 is only well-typed under a fully terminated context. Rule (T-Par) types the parallel composition of two processes by composing their corresponding typing contexts.1 Rule (T-Res) types a restricted process by requiring that the two endpoints have dual types. Rules (T-In) and (T-Out) type the receiving and sending of a value over a channel x, respectively. Finally, Rules (T-Brch) and (T-Sel) are generalizations of input and output over a labelled set of processes. e main guarantees of the type system in [Vas12] are communication safety and session ﬁdelity, i.e., typed processes respect their ascribed protocols, as represented by session types. We have the following results:

eorem 2.1 (Strengthening – Lemma 7.3 in [Vas12]). Let Γ ⊢ST P and x 6∈ fn(P ). If Γ=Γ′, x : T then Γ′ ⊢ST P . 1In the presence of unrestricted types, as given in [Vas12], Rule (T-Par) requires a spliing operator, noted ◦ in [Vas12]. However, since we consider only linear session types, the ◦ operator boils down to ‘,’.

7 eorem 2.2 (Preservation for ≡ – Lemma 7.4 in [Vas12]). If Γ ⊢ST P and P ≡ Q, then Γ ⊢ST Q.

eorem 2.3 (Preservation – eorem 7.2 in [Vas12]). If Γ ⊢ST P and P → Q, then Γ ⊢ST Q.

Following [Vas12], we say that processes of the form xhvi.P , x(z).Q, x⊳lj.P , and x⊲ {li : Pi}i∈I are prefixed at x. We call redexes processes of the form xhvi.P | y(z).Q and x⊳lj.P | y⊲ {li : Pi}i∈I . e following notion of well-formed processes, a specialization of the definition in [Vas12], is key to single out meaningful typed processes: Definition 2.1 (Well-Formedness). A process is well-formed if for each of its structural congruent processes of the form (νx1y1) ... (νxnyn)(P | Q | R) the following condition holds.

• If P is preﬁxed at x1 and Q is preﬁxed at y1 then P | Q is a redex. We have the following result:

eorem 2.4 (Safety – eorem 7.3 in [Vas12]). If ⊢ST P then P is well-formed.

erefore, if ⊢ST P and P reduces to Q in zero or more steps, then Q is well-formed; this is eorem 7.1 in [Vas12]. We close by introducing some useful terminology:

Deﬁnition 2.2 ((Un)Composable Processes). Let Γ ⊢ST P . If Γ is empty, we say that P is uncomposable; otherwise, if Γ is non-empty, we say P is composable. We use the adjectives composable and uncomposable to distinguish typable processes depending on their associated typing context. Note that the adjectives open and closed have their usual meaning, associated to the free names of a process, possibly untyped. As an example, process 0 is a closed process that can be typed under a non-empty typing context, and so it is composable.

2.3 Deadlock Freedom As already motivated, a desirable liveness property for session π-calculus processes is that they should never “get stuck”. Unfortunately, the session type system givenin[Vas12] (and summarized above) does not exclude deadlocked processes. Intuitively, this is because typed processes may contain cyclic causal dependencies enforced by communication prefixes in processes but not described by their session types. Indeed, a particularly insidious class of deadlocks is due to cyclic interleaving of channels in processes, as illustrated by following example. Example 2.1 (A Deadlocked Process). Process P , (νxy)(νwz)(xhni.whni | z(t).y(s)) represents the implementation of two independent sessions, xy and wz, which get intertwined (blocked) due to the nest- ing induced by input and output prefixes. Process P is well-typed in [Vas12] under n : end ⊢ST P , even if P is unable to reduce. Below we define deadlock freedom in the session π-calculus by following [KL17, Def.5.2]: Definition 2.3 (Deadlock Freedom). A process P is deadlock-free if the following condition holds: whenever P →∗ P ′ and one of the following holds

′ • P ≡ (νxy)(xhvi.Q1 | Q2)

′ • P ≡ (νxy)(x(y).Q1 | Q2) f

f 8 ′ • P ≡ (νxy)(x⊳lj .Q1 | Q2)

′ • P ≡ (νxy)(x⊲ {li : Pi}i∈I | Q) f then there exists R such that P ′ → R. f Remark 1 (Defining Deadlock Freedom). Definition 2.3 is closely related to the definition of deadlock and deadlock freedom in [Kob02] (Definition 2.4), which states that a process P is in deadlock if it reaches one of the first two items stated in Definition 2.3 and cannot reduce from there. en, a process P defined as deadlock-free if it never reduces to a deadlocked process. We shall be following the type system in [Kob06], where the notion of deadlock freedom is defined informally: a process is deadlock-free if when “given a request, it will eventually returns a result unless the process diverges”. Example 2.2 (A Deadlock-Free Process). It is easy to see that process P from Example 2.1 is not deadlock-free as per Definition 2.3. A deadlock-free variant of process P would be P ′ , (νxy)(νwz)(xhni.whni | y(s).z(t)), which also is typable: n : end ⊢ST P ′. Observe how the difference between P and P ′ is in the parallel component on the right-hand side: the two input prefixes have been swapped.

3 Two Approaches to Deadlock Freedom

We introduce two approaches to typing deadlock-free processes. e ﬁrst comes from interpretations of linear logic propositions as session types [CP10, CPT16, Wad12] (§ 3.1). e second approach exploits encodings of session processes and types [DGS12] into the linear types with usages for the π-calculus (§ 3.2). Based on these approaches, in § 4 we will formally deﬁne the classes L and K mentioned in the introduction.

3.1 Linear Logic Foundations of Session Types e linear logic interpretation of session types was introduced by Caires and Pfenning [CP10, CPT16], and developed by Wadler [Wad12] and others. Here we consider an interpretation based on classical linear logic (CLL) with mix principles, following [Cai14, CP17]. e syntax and semantics of processes are as in § 2 with the following diﬀerences. First, we have a single restriction construct (νx)P instead of the double restriction (νxy)P . Second, we have a forwarding process, denoted [x ↔ y], which intuitively “fuses” or “links” channels/names x and y. More formally, we have:

P,Q ::= xhvi.P | x(y).P | x⊳lj .P | x⊲ {li : Pi}i∈I | (νx)P | [x↔y] | P | Q | 0

In what follows, the bound output (νy)xhyi.P will be abbreviated as x(y)P . Also, we write (νx)P to abbreviate (νx1) ... (νxn)P . Diﬀerences in the reduction rules are summarized in Figure 4. In particular, observe how interactione of input/output preﬁxes and of selection/branching constructs is no longer covered by an outermost restriction. As for the type system, we consider the so-called linear logic types which correspond to linear logic propositions (without exponentials). ey are given by the following grammar:

A, B ::= ⊥ | 1 | A ⊗ B | A O B | &{li : Ai}i∈I | ⊕{li : Ai}i∈I

9 (R-ChCom) xhvi.P | x(z).Q → P | Q[v/z] (R-Fwd) (νx)([x↔y] | P ) → P [y/x]

(R-ChCase) x⊳lj .P | x⊲ {li : Pi}i∈I → P | Pj j ∈ I (R-ChRes) P → Q =⇒ (νx)P → (νx)Q

Figure 4: Reduction rules for processes in L.

Intuitively, ⊥ and 1 are used to type a terminated endpoint. Type A ⊗ B is associated to an endpoint that first outputs an object of type A and then behaves according to B. Dually, type A O B is the type of an endpoint that first inputs an object of type A and then continues as B. e interpretation of &{li : Ai}i∈I and ⊕{li : Ai}i∈I as types for branching and selection behaviors is precisely as in session types (cf. §2.2). A full duality on linear logic types corresponds to the negation operator of CLL (·)⊥. e dual of type A, denoted A, is inductively defined as follows: 1 , ⊥ ⊥ , 1 A ⊗ B , A O B A O B , A ⊗ B &{li : Ai}i∈I , ⊕{li : Ai}i∈I ⊕{li : Ai}i∈I , &{li : Ai}i∈I Recall that A⊸B , A O B. As explained in [Cai14], considering mix principles means admiing ⊥⊸1 and 1⊸⊥, and therefore ⊥ = 1. We write • to denote either ⊥ or 1, and therefore • = •. at is, we consider the conflation of dual types ⊥ and 1 as explored by Atkey et al. [ALM16]. Typing contexts, ranged over ∆, ∆′,..., are produced by the following grammar: ∆, ∆′ ::= · | ∆, x : A where ‘ · ’ denotes the empty typing context. Typing judgments are of the form P ⊢LL ∆. Figure 5 gives the corresponding typing rules. One salient point is Rule (T-cut), which types two processes that have exactly one channel of dual type in common (x in the rule) by composing them in parallel and immediately restricting this common channel. is implements the “composition plus hiding” principle, which monolithically integrates parallel composition and restriction in a single rule. Indeed, unlike the system in [Vas12], there is no dedicated rule for restriction, which also appears in the bound output induced by Rule (T-⊗). Also, Rule (T-mix) conveniently enables to type the independent parallel composition of processes, i.e., the composition of two processes that do not share any sessions. (is is referred to as communication-free concurrency in [ALM16].) Following Definition 2.2, we say that process P ⊢LL ∆ is composable if ∆ 6= · and uncomposable otherwise. We now collect main results for this type system; see [CPT16, Cai14, CP17] for details. We first state type preservation:

eorem 3.1 (Type Preservation). If P ⊢LL ∆ and P −→ Q then Q ⊢LL ∆. We now state deadlock freedom. For any P , deﬁne live(P ) if and only if P ≡ (νn)(π.Q | R), where π is an input, output, selection, or branching preﬁx.

eorem 3.2 (Deadlock Freedom). If P ⊢LL · and live(P ) then P −→ Q, for some Q.e

10 P ⊢LL ∆ (T-1) (T-⊥) (T-id) 0 ⊢LL x:• P ⊢LL x:•, ∆ [x↔y] ⊢LL x:A, y:A

(T-O) (T-⊗) ′ P ⊢LL ∆,y:A, x:B P ⊢LL ∆,y:AQ ⊢LL ∆ , x:B ′ x(y).P ⊢LL ∆, x:A O B x(y).(P | Q) ⊢LL ∆, ∆ , x:A ⊗ B

(T-⊕) (T-&) P ⊢LL ∆, x:Aj j ∈ I Pi ⊢LL ∆, x:Ai ∀i ∈ I

x⊳lj .P ⊢LL ∆, x: ⊕{li : Ai}i∈I x⊲ {li : Pi}i∈I ⊢LL ∆, x:&{li : Ai}i∈I

(T-cut) (T-mix) ′ ′ P ⊢LL ∆, x:AQ ⊢LL ∆ , x:A P ⊢LL ∆ Q ⊢LL ∆ ′ ′ (νx)(P | Q) ⊢LL ∆, ∆ P | Q ⊢LL ∆, ∆

Figure 5: Typing rules for the π-calculus with linear logic types.

3.2 Deadlock Freedom by Encodability e second approach to deadlock-free session processes is indirect, in that establishing deadlock freedom for session processes appeals to encodings into a dyadic π-calculus whose type system enforces deadlock freedom by exploiting usages, obligations, and capabilities [Kob02, Kob06]. We follow closely the deﬁnitions and results in [Kob06]. Next, we introduce the syntax of the (dyadic) π-calculus (§3.2.1), types with usages (§3.2.2), typing rules (§3.2.2), and ﬁnally the technical results leading to deadlock freedom (§3.2.3). e encodings of session processes into dyadic processes and of session types into types with usages are given in §3.2.4.

3.2.1 e Dyadic π-calculus Syntax e syntax of the dyadic π-calculus is as follows:

v ::= x (channel) | lj v (variant value) P,Q ::= xhvi.P (output) | 0 (inaction) | x(z).P (input) | P | Q (composition) e | case v of {li xi ⊲ Pi}i∈I (case) | (νx)P (session restriction) e We discuss differences with respect to §2 and [Kob06]: • While the syntax of processes given in § 2 (and in [Kob06]) supports monadic communication, we consider dyadic communication: an output prefix involves a tuple of values v1, v2 and an input prefix involves a tuple of variables z1,z2. For the sake of notational uniformity, we write v and z to stand for v1, v2 and z1,z2, respectively. Dyadic communication is convenient, as the encoding of session processes into “standard” π-calculus processes [DGS12] requires transmiing tuplese whosee length is at most two.

11 • While in [Kob06] input and output preﬁxes are annotated with a capability annotation t ∈ N ∪ ∞, we omit such annotations to enhance clarity. • Rather than the branching and selection constructs in § 2 (and the if-then-else process considered in [Kob06]), in the dyadic π-calculus presented above we have the case construct case v of {li xi ⊲ Pi}i∈I , which uses the variant value lj v [SW01]. • We do not consider the let construct and replication processes in[Kob06]. • In line with §3.1 and [Kob06] (but diﬀerently from §2) we use (νx)P as restriction operator.

As before, we write (νx)P to denote the process (νx1) ··· (νxn)P . Notions of free and bound names are as usual; we write fn(P ) to denote the set of free names of P . e Reduction Semantics Following [Kob06], the reduction semantics of dyadic π-calculus processes relies on the structural relation : Deﬁnition 3.1 (Def A2 in [Kob06]). e structural relation is the least reﬂexive and transitive relation closed under the following rules (where P ≡ Q denotes (P Q) ∧ (Q P )): P | Q ≡ Q | P (P | Q) | R ≡ P | (Q | R) P | 0 ≡ P (νx)P | Q ≡ (νx)(P | Q) if x is not free in Q (νx)0 ≡ 0 (νx)(νy)P ≡ (νy)(νx)P P Q =⇒ P | R Q | R P Q =⇒ (νx)P (νx)Q us, P Q intuitively means that P can be restructured into Q by using the above rules. We shall refer to ≡ as structural equivalence. e reduction rules are then as follows:

(Rπ-Com) xhvi.P | x(z).Q → P | Q[v/z] e e (Rπ-Case) case lj v of {li xi ⊲ Pi}i∈I → Pj [v/xj] j ∈ I (Rπ-Par) P e→ Q =⇒eP | R → Q | R (Rπ-Res) P → Q =⇒ (νx)P → (νx)Q (Rπ-Str) P P ′, P → Q,Q′ Q =⇒ P ′ → Q′

Rules are self-explanatory. We only discuss Rule (Rπ-Case), which is the main difference with respect to the reduction semantics in [Kob06]. Note that by using the variant value lj v, this rule simultaneously selects Pj and induces the substitution [v/xj]. is is different from Rule (R-Case) for selection and branching (cf. Figure 2), which selects a branch but does not involve a communication. As before, we write →∗ to denote the reflexive, transitive closure of →. Since the definition of deadlock freedom in [Kob06] is only informal (cf. Remark 1), we shall adopt the following definition, which mirrors Definition 2.3: Definition 3.2 (Deadlock Freedom). A process P is deadlock-free if the following condition holds: whenever P →∗ P ′ and one of the following holds ′ • P ≡ (νx)(xhvi.Q1 | Q2) ′ • P ≡ (νx)(x(y).Q1 | Q2) e e ′ • P ≡ (νx)(case lj v of {li xi ⊲ Pi}i∈I | Q) e e then there exists R such that P ′ → R. e 12 3.2.2 Types with Usages e type system for deadlock freedom in [Kob06] exploits types with usages. Usages rely on obligations and capabilities, which are endowed with levels to describe inter-channel dependencies:

• Anobligation of level n must be fulfilled by using only capabilities of level less than n. Said differently, an action of obligation n may be prefixed by actions of capabilities less than n. • For an action with capability of level n, there must exist a co-action with obligation of level less than n or equal to n. We shall rely on usages as defined next, a strict subset of those defined in [Kob06].

Deﬁnition 3.3 (Usages). e syntax of usages U,U ′,... is deﬁned by the following grammar:

U ::= 0 (not usable) o | ?κ.U (used in input) o | !κ.U (used in output)

| (U1 | U2) (used in parallel) | ↑ t U (li obligation levels of U up to t) where the obligation o and the capability κ range over the set N ∪ ∞. We shall refer to usages generated with the ﬁrst three productions above (not usable, input, output) as sequential usages.

o o Usage 0 describes a channel that cannot be used at all. A usage ?κ.U (resp. !κ.U) is associated to a channel that can be used once for input (resp. output) and then according to usage U. e usage U1 | U2 t can be associated to a channel that is used according to U1 and U2, possibly in parallel. e usage ↑ U acts as an operator that lis the obligation levels in U up to t. We let α range over ‘?’ and ‘!’. We will oen o o omit 0, and so we will write, e.g., ακ instead of ακ.0. Notation 3.1 (Co-actions). We write α to denote the co-action of α, i.e., ! = ? and ? = !. We rely on a number of auxiliary deﬁnitions for usages; they all follow [Kob06]:

Deﬁnition 3.4 (Capabilities and Obligations). Let U be a usage. e input and output capability levels (resp. obligation levels) of U, wrien cap?(U) and cap!(U) (resp. ob?(U) and ob!(U)), are deﬁned as:

capα(0) , ∞ obα(0) , ∞ o o capα(ακ.U) , ∞ obα(ακ.U) , ∞ o o capα(ακ.U) , κ obα(ακ.U) , o capα(U1 | U2) , min(capα(U1), capα(U2)) obα(U1 | U2) , min(obα(U1), obα(U2)) t t capα(↑ U) , capα(U) obα(↑ U) , max(t, obα(U))

We write ob(U) for max(ob?(U), ob!(U)). e reduction relation on usages, noted U → U ′, intuitively says that if a channel with usage U is used for communication then it should be used according to U ′ aerwards. It relies on an auxiliary structural relation on usages.

13 Definition 3.5 (Structural relation on usages [Kob06]). Let be the least reflexive and transitive relation on usages defined by the following rules:

t t t U1 | U2 U2 | U1 ↑ (U1 | U2) (↑ U1) | (↑ U2) (U1 | U2) | U3 U1 | (U2 | U3) ′ ′ ′ ′ t o max(o,t) ′ t t ′ U1 U1 ∧ U2 U2 =⇒ U1 | U1 U2 | U2 ↑ ακ.U ακ .UU U =⇒↑ U ↑ U Definition 3.6. e reduction relation → on usages is the smallest relation closed under the following rules: ′ U-Com o o ( ) ?κ.U1 | !κ′ .U2 → U1 | U2 (U-Par) U → U ′ =⇒ U | U ′′ → U ′ | U ′′ ′ ′ (U-SubStruct) U U1,U1 → U2,U2 U =⇒ U → U e reflexive, transitive closure of → (wrien →∗) is defined as expected. e following key definition ensures that if some action has a capability of level n then the obligation level of its co-actions should be at most n.

Deﬁnition 3.7 (Reliability). Let α and α be co-actions (cf. Notation 3.1). We write conα(U) when obα(U) ≤ capα(U). We write con(U) when con?(U) and con!(U) hold. Usage U is reliable, noted rel(U), if con(U ′) holds for all U ′ such that U →∗ U ′. Example 3.1. We illustrate reliability and obligation/capability levels. Consider the usage U = o1 o2 ?κ1 .0 | !κ2 .0. We establish the conditions required for rel(U) to hold. is in turn requires determining a few ingredients:

o1 o2 • ob!(U) = min(ob!(?κ1 .0), ob!(!κ2 .0)) = min(∞, o2)= o2

o1 o2 • cap?(U) = min(cap?(?κ1 .0), cap?(!κ2 .0)) = min(κ1, ∞)= κ1

o1 o2 • ob?(U) = min(ob?(?κ1 .0), ob?(!κ2 .0)) = min(o1, ∞)= o1

o1 o2 • cap!(U) = min(cap!(?κ1 .0), cap!(!κ2 .0)) = min(∞,κ2)= κ2

is way, con?(U) denotes o2 ≤ κ1; similarly, con!(U) denotes o1 ≤ κ2. en we have that con(U) holds when both o2 ≤ κ1 and o1 ≤ κ2 hold. is is indeed the condition needed for rel(U) to hold; notice that U → 0 | 0 is the only reduction possible, and that con(0 | 0) trivially holds. Notice that leing o1 = κ1 = o2 = κ2 =0 suffices for rel(U) to hold. Having defined usages (and their associated notions), we move to define types. Definition 3.8 (Types with Usages). e syntax of types τ, τ ′,... builds upon usages as follows:

τ ::= chan(τ ; U) (channel types)

| hli : τiii∈I (variant type) e Above, τ indicates a sequence of types of length at most two. Type chan(τ ; U) is associated to a channel that behaves according to usage U to exchange a tuple of values with types τ1, τ2. Notice that τ can be empty;e in that case, we write chan(− ; U): a channel with this type behavese according to U without exchanging any values. e Diﬀerences with respect to the syntax of types in [Kob06] are: (i) we do not consider Boolean nor product types, and (ii) we consider the variant type hli : τiii∈I from [SW01] to denote the disjoint union of

14 labeled types, where labels li (i ∈ I) are pairwise distinct. Variant types are essential to encode selection and branching in session types [DGS12]. Typing contexts, ranged over Γ, Γ′,..., are produced by the following grammar: Γ, Γ′ ::= ∅ | Γ, x : τ where ‘∅’ denotes the empty context. Given a context Γ = x1 : τ1, ··· , xn : τn, we write dom(Γ) to denote its domain, i.e., the set {x1,...,xn}. Following [Kob06], we use ‘≺’ to denote a partial order that statically tracks the order in which channels are created. at is, x ≺ y means that x was created more recently than y. Typing judgments are indexed by ‘≺’; they are of the form Γ ⊢≺ v (for values) and Γ ⊢≺ P (for processes). Before commenting on the typing rules, given in Figure 6, we present some important auxiliary notions, extracted from [Kob06]. e Deﬁnition 3.9 (Auxiliary Operators on Types). We deﬁne the following auxiliary operators: 1. e unary operation ↑ t on usages extends to types as follows: ↑ t (chan(τ ; U)) = chan(τ ; ↑ t U)

2. e composition operation on types, denoted | , is deﬁned as follows: e e chan(τ ; U1) | chan(τ ; U2) , chan(τ ; (U1 | U2))

hli : τiii∈I | hli : τiii∈I , hli : τiii∈I e e e e generalisation of | to typing contexts, denoted (Γ1 | Γ2)(x), is deﬁned as follows:

Γ1(x) | Γ2(x) if x ∈ dom(Γ1) ∩ dom(Γ2) (Γ1 | Γ2)(x)= Γ1(x) if x ∈ dom(Γ1) \ dom(Γ2) Γ2(x) if x ∈ dom(Γ2) \ dom(Γ1)  o 3. e operator“ ;≺ ” combines a type assignment x : chan(τ ; ακ) and a context Γ into a new context. o ′ Precisely, x : chan(τ ; ακ);≺ Γ represents the context Γ , defined as follows: dom(Γ′) , {x} ∪ dom(Γ) e e chan(τ ; αo .U) if Γ(x)= chan(τ ; U) ′ , κ Γ (x) o (chan(τ ; ακ) if x∈ / dom(Γ) e e ↑κ Γ(y) if y 6= x ∧ x ≺ y ′ , Γ (y) κ+1 e (↑ Γ(y) if y 6= x ∧ x 6≺ y e typing rules for values and processes are given in Figure 6. All rules are as in [Kob06], except for the new rules (Tπ-LVal) and (Tπ-Case), which type a choice: the former types a variant value with a variant type; the laer types a case process using a variant value as its guard. We discuss the remaining rules. Rules (Tπ-Var) and (Tπ-Tup) are standard. Rule (Tπ-Nil) states that the terminated process is typed under the empty context. Rule (Tπ-Res) states that (νx)P is well-typed if the usage for x is reliable (cf. Definition 3.7). Rule (Tπ-Par) states that the parallel composition of processes P and Q (typable under Γ1 and Γ2, respectively) is well-typed under the composed typing context Γ1 | Γ2 (Definition 3.9(2)). Note that, unlike Rule (T-cut) in Figure 5, P and Q need not to share any channels to be composed. Rules (Tπ-Out) T -In and ( π ) type output and input processes with dyadic communication in a typing context where the ‘ ;≺ ’ operator (Definition 3.9(3)) is used to increase the obligation level of the channels in continuation P .

15 (Tπ-Tup) (Tπ-LVal) (Tπ-Var) Γ1 ⊢≺ v1 : τ1 Γ2 ⊢≺ v2 : τ2 v = v1, v2 τ = τ1, τ2 Γ ⊢≺ v : τj ∃j ∈ I

x : τ ⊢≺ x : τ Γ1 | Γ2 ⊢≺ v : τ Γ ⊢≺ lj v : hli : τiii∈I e e (Tπ-Res) (Tπ-Par) (Tπ-Nil) e e Γ, x : chan(τ ; U) ⊢≺∪{(x,y) | y∈fn(P )\{x}} P rel(U) Γ1 ⊢≺ P Γ2 ⊢≺ Q

∅⊢≺ 0 Γ ⊢≺ (νx)P Γ1 | Γ2 ⊢≺ P | Q e (Tπ-Out) (Tπ-In) Γ1 ⊢≺ P Γ2 ⊢≺ v : τ Γ, y : τ ⊢≺ P 0 0 x : chan(τ ;!κ);≺ (Γ1 | Γ2) ⊢≺ xhv˜i.P x : chan(τ ; ?κ);≺ Γ ⊢≺ x(y).P e e e e (Tπ-Case) e e e Γ1 ⊢≺ v : hli : τiii∈I Γ2, xi : τi ⊢≺ Pi ∀i ∈ I

Γ1 | Γ2 ⊢≺ case v of {li xi ⊲ Pi}i∈I

Figure 6: Typing rules for the π-calculus (§3.2.1). Rules for values appear in the ﬁrst line; the remaining rules are for processes.

3.2.3 Properties Type soundness of the type system given in Figure 6 implies that well-typed processes are deadlock-free (cf. Definition 3.2). We now state these technical results from [Kob06] and discuss changes in their proofs, which require minimal modifications. First, typing is preserved by the structural relation (cf. Definition 3.1):

Lemma 3.1. If Γ ⊢≺ P and P Q then Γ ⊢≺ Q. e proof of type preservation in [Kob06] relies on other auxiliary results (such as substitution), which we do not recall here. To state the type preservation result, we need the following auxiliary deﬁnition: Deﬁnition 3.10 (Context Reduction). We write Γ → Γ′ when one of the following hold:

′ ′ ′ 1. Γ=Γ1, x : chan(τ ; U) and Γ = Γ1, x : chan(τ ; U ) with U → U (cf. Deﬁnition 3.6), for some ′ Γ1, x, τ, U and U .

e ′ e 2. Γ=Γ1, x : hli : τiii∈I and Γ =Γ1, x : τj , with j ∈ I, for some Γ1 and x. e Above, Item (1) is as in [Kob06]. Item (2) is required for characterizing reductions of the case construct. We now state type preservation.

′ ′ ′ eorem 3.3 (Type Preservation). If Γ ⊢≺ P and P → Q, then Γ ⊢≺ Q for some Γ such that Γ =Γ or Γ → Γ′. e proof is by induction on the derivation P → Q, following closely the proof in [Kob06]. An additional case is needed due to the reduction rule of the case construct (Rule (Rπ-Case)):

v case lj v of {li xi ⊲ Pi}i∈I → Pj [ /xj] (j ∈ I)

16 0 f 0 J Ku , ν f ν f,{x,y7→c} J( xy)P Ku , ( c)JP Ku f f f JP | QKu , JP Ku | JQKu f ν f,{x7→c} Jxhvi.P Ku , ( c)fxhfv,ci.JP Ku f f,{x7→c} Jx(y).P Ku , fx(y,c).JP Ku f ν f,{x7→c} Jx⊳lj .P Ku , ( c)fxhlj ci.JP Ku f case of f,{x7→c} Jx⊲ {li : Pi}i∈I Ku , fx(y). y {li c⊲ JPiKu }i∈I

Figure 7: Encoding session π-calculus processes into the dyadic π-calculus, under a renaming function f on names/channels.

As a result of this reduction, we have Γ → Γ′ because of Deﬁnition 3.10(2). e following important result extends eorem 2 in [Kob06] with the case construct:

eorem 3.4 (Deadlock Freedom). If ∅⊢≺ P and one of the following holds

• P (νx)(xhvi.Q1 | Q2) • P (νx)(x(z).Q | Q ) e e 1 2 • P (νx)(case lj v of {li xi ⊲ Pi}i I | Q) e e ∈ then P → R, for some process R. e In [Kob06], the proof of this theorem relies on a notion of normal form in which input and output preﬁxes act as guards for if-expressions and let-expressions (not present in our syntax); our case construct can be easily accommodated in such normal forms. e proof in [Kob06] also uses: (i) an extension of for replicated processes, (ii) mechanisms for uniquely identifying bound names, and (iii) an ordering on processes. In our case, we do not need (i) and can re-use (ii) and (iii) as they are. With these elements, the proof argument proceeds as in [Kob06]. We ﬁnally have:

Corollary 3.1. If ∅⊢≺ P then P is deadlock-free, in the sense of Deﬁnition 3.2. It is worth noticing how both eorem 3.2 and eorem 3.4 have similar formulations: both properties state that processes can always reduce if they are well-typed (under the empty typing context) and have an appropriate structure (cf., condition live(P ) in eorem 3.2 and condition P (νx)(x(z).Q | R) or P (νx)(xhvi.Q | R) in eorem 3.4). e e 3.2.4 One Deadlocke Freedom by Encoding We use encodings to relate classes of (typed) processes induced by the type systems given so far. To translate a session typed process into a usage typed process, we follow the encoding suggested in [Kob07] and developed in [DGS12], which mimics the sequential structure of a session by sending its continuation f as a payload over a channel. is continuation-passing style encoding of processes is denoted J·Ku , where f is a renaming function from channels to fresh names; see Figure 7. We write fx to stand for f(x) and

17 JendKu = chan(− ; 0) 0 J?T.SKu = chan(JT Ku, JSKu ; ?0) 0 J!T.SKu = chan(JT Ku, JSKu ;!0) 0 J&{li : Si}i∈I Ku = chan(hli : JSiKuii∈I ; ?0) 0 J⊕{li : Si}i∈I Ku = chan(hli : JSiKuii∈I ;!0)

Figure 8: Encoding session types into usage types. f, {x 7→ c} to denote that the entry for x in the renaming f is updated to c. We write f, {x, y 7→ c} to mean that both x and y are updated to c. We also need to formally relate session types to usage types. To this end, we deﬁne J·Ku in Figure 8. Two points are noteworthy: (i) it suﬃces to generate a usage type with obligations and capabilities equal to 0, and (ii) only sequential usages are needed to encode session types. We now extend this encoding from types to typing contexts:

f Deﬁnition 3.11. Given J·Ku as in Figure 8, and with a slight abuse of notation, we write J·Ku to denote the encoding of session type contexts Γ into usage typing contexts that is inductively deﬁned as follows:

f f f J∅Ku , ∅ JΓ, x : T Ku , JΓKu ,fx : JT Ku

e next results relate deadlock freedom, typing and the encodings in [DGS12], thus formalising the indirect approach to deadlock freedom.

f Proposition 3.1. Let P be a deadlock-free session process. en JP Ku is a deadlock-free π-process. Proof. e encoding of terms given in Figure 7 preserves the nature of the prefixes in P (outputs are directly translated as outputs, and similarly for inputs) and is defined homomorphically with respect to f parallel composition. en, it is easy to see that if P reduces then JP Ku can immediately match that reduction; thanks to the definitions of deadlock freedom in each language (Definition 2.3 and Definition 3.2, respectively), this suffices to conclude the thesis.

e following result states deadlock freedom by encodability, following [CDM14].

f Corollary 3.2. Let ⊢ST P be a session process. If ⊢≺ JP Ku is deadlock-free then P is deadlock-free.

4 Separating Classes of Deadlock-Free Typed Processes

Up to here, we have summarized three existing type systems for the π-calculus:

• Session types, with judgment Γ ⊢ST P (§2.2);

• Session types based on linear logic, with judgment P ⊢LL ∆ (§3.1);

• Usage types, with judgment Γ ⊢≺ P (§3.2.2).

18 Jxhyi.P Kℓ , x(z).([z ↔y] | JP Kℓ)

J(νxy)P Kℓ , (νw)JP Kℓ[w/x][w/y] w 6∈ fn(P )

Figure 9: Encoding session π-calculus processes into the linear logic processes (cf. §3.1). It is deﬁned as an homomorphism for the other process constructs.

Here we establish formal relationships between these type systems. As already mentioned, our approach consists in deﬁning L and K, the class of deadlock-free session-typed processes induced by the type systems in § 3.1 and § 3.2.2, respectively. Our main result is that L ⊂ K (Corollary 4.1), a strict inclusion that separates these two classes of processes. To obtain this separation result, we deﬁne µK, a strict sub-class of K which we show to coincide with L.

4.1 Classes of Deadlock-Free Processes 4.1.1 e Classes L and K We start by defining classes L and K, for which we require some auxiliary definitions. e following encoding addresses minor syntactic differences between session typed processes (cf. §2) and the processes typable in the linear logic interpretation of session types (cf. §3.1). Such differences concern free output actions and the double restriction operator:

Deﬁnition 4.1. Let P be a session process. e auxiliary encoding J·Kℓ from the session processes (cf. §2) into the linear logic processes (cf. §3.1) is deﬁned in Figure 9. We also need an encoding of session types into linear logic propositions. e encoding, also denoted J·Kℓ and given in Figure 10, simply follows the essence of the linear logic interpretation. We extend it to typing contexts as follows:

Deﬁnition 4.2. e encoding J·Kℓ of session type contexts Γ into linear logic typing contexts is deﬁned as: J∅Kℓ , ∅ JΓ, x : T Kℓ , JΓKℓ, x : JT Kℓ

It is not difficult to see that the encoding in Definition 4.1 is operationally correct. at is, J·Kℓ preserves and reflects reductions of session processes. It also preserves the encoding of types in Figure 10 and Definition 4.2. e next definition allows us to abstract away from differences in the way type systems handle process 0: in the usages type system, process 0 can only be typed under the empty typing context, whereas in the session type systems the typing context can be non-empty (subject to conditions).

Deﬁnition 4.3 (Core Context). Given Γ ⊢ST P , we write Γ↓ to denote the core context of Γ with respect to P . Context Γ↓ is deﬁned so that Γ=Γ↓, Γ′ holds for some Γ′, satisfying the following conditions: (i) un(Γ′); (ii) x : end ∈ Γ′ implies x 6∈ fn(P ); and (ii) x : T ∈ Γ↓ implies x ∈ fn(P ).

Notice that, by eorem 2.1 (strengthening), Γ ⊢ST P implies Γ↓ ⊢ST P . Recall that we write P to denote the class of session π-calculus processes generated by the grammar in Figure 2. Formally, L and K are classes of processes in P, deﬁned below.

19 JendKℓ = •

J?T.SKℓ = JT Kℓ O JSKℓ

J!T.SKℓ = JT Kℓ ⊗ JSKℓ

J&{li : Si}i∈I Kℓ =& li : JSiKℓ i∈I

J⊕{li : Si}i∈I Kℓ = ⊕li : JSiKℓ i∈I Figure 10: Encoding session types into linear logic types.

Deﬁnition 4.4 (L and K). e classes L and K are deﬁned as follows:

L , P ∈ P : ∃Γ. (Γ ⊢ST P ∧ JP Kℓ ⊢LL JΓKℓ)

n P ↓ f of K , P ∈ : ∃Γ, f. (Γ ⊢ST P ∧ JΓ Ku ⊢≺ JP Ku ) n o In words, L contains those well-typed session π-calculus processes whose corresponding translation as a process in §3.1 (using J·Kℓ as in Definition 4.1) is also typable in the linear logic interpretation, with propositions obtained using the encoding on types J·Kℓ (Figure 10). Similarly, K contains those well-typed f session π-calculus processes whose corresponding translation as a dyadic π-calculus process (using J·Ku as in Figure 7) is also typable under Kobayashi’s type system, with usage types derived using the encoding on types J·Ku (Figure 8). Notice that L and K contain both composable and uncomposable processes (cf. Definition 2.2). As informally discussed in the Introduction, processes in L and K satisfy the progress property, defined in [CD10] and further studied in [CDM14]. As a consequence: • Uncomposable processes in L (typable with ∆= ·) are deadlock-free by following eorem 3.2. Sim- ilarly, uncomposable processes in K (typable with Γ= ∅) are deadlock-free by the indirect approach formalised by eorem 3.4 and Definition 3.2 and Corollary 3.2. • Composable processes in L (typable with ∆ 6= ·) and K (typable with Γ 6= ∅) may be stuck, because they lack communicating counterparts as described by their (non-empty) typing context. ese miss- ing counterparts will be formalized as a catalyzer [CD10] that allows a process to further reduce, thereby “unstucking it”. Although we are interested in the (sub)class of processes that satisfy deadlock freedom, we have defined L and K more generally as processes in P satisfying progress; this simplifies the definition and presentation of our technical contributions.

4.1.2 e Class µK We now define µK, a strict class of K obtained by internalizing key features of linear logic interpretation in §3.1 into the rules of Figure 6. Considering the type system is summarized in §3.2, µK will arise from a type system modified as follows: Types Because session types are strictly sequential, we restrict Definition 3.8 to channel types of the form chan(τ1, τ2 ; U) where U is a sequential usage (cf. Definition 3.3). All other notions (obligations and capabilities, the semantics of usages, the notion of reliability) are kept unchanged.

20 (Tπ-Tup) (Tπ-LVal) (Tπ-Var) µ µ µ Γ1 ⊢≺ v1 : τ1 Γ2 ⊢≺ v2 : τ2 v = v1, v2 τ = τ1, τ2 Γ ⊢≺ v : τj ∃j ∈ I µ µ µ x : τ ⊢≺ x : τ Γ1 | Γ2 ⊢≺ v : τ Γ ⊢≺ lj v : hli : τiii∈I e e (Tπ-IndPar) (Tπ-Nil) µ µe e Γ1 ⊢≺ P Γ2 ⊢≺ Q dom(Γ1) ∩ dom(Γ2)= ∅ µ 0 µ ∅⊢≺ Γ1, Γ2 ⊢≺ P | Q

(Tπ-Par+Res) µ µ Γ1, x : chan(τ ; U1) ⊢≺∪≺1 P1 Γ2, x : chan(τ ; U2) ⊢≺∪≺2 P2 dom(Γ1) ∩ dom(Γ2)= ∅ i ∈{1, 2} ≺i= {(x, y) | y ∈ fn(Pi) \{x}} rel(U1 | U2) µ ν Γ1 | Γ2 ⊢≺ ( x)(P1 | P2)

(Tπ-BOut) µ ′ ′ µ Γ1,y : chan(τ ; U1) ⊢≺′ y : chan(τ ; U1),y : chan(τ ; U) Γ2,y : chan(τ ; U2) ⊢≺′ P ′ ′ ′ rel(U1 | U2) ≺ =≺ ∪{(y,z) | z ∈ fn(P ) \{y}} y = y,y τ = τ, τ 0 µ ν x : chan(τ ;!κ);≺ (Γ1 | Γ2) ⊢≺ ( y)xhyi.P e e (Tπ-In) (Tπ-Case) µ e µ e µ Γ, z : τ ⊢≺ P Γ1 ⊢≺ v : hli : τiii∈I Γ2, xi : τi ⊢≺ Pi ∀i ∈ I 0 µ µ case of x : chan(τ ; ?κ);≺ Γ ⊢≺ x(z).P Γ1 | Γ2 ⊢≺ v {li xi ⊲ Pi}i∈I e e e e Figure 11: Typing rules for the π-calculus (§ 3.2.1), which specialize those in Figure 6 to deﬁne the class µK. Typing rules for values appear in the ﬁrst line; the remaining typing rules are for processes.

µ Typing Rules e type system considers judgments of the form Γ ⊢≺ P . e typing rules are given in Figure 11; they are based on those in Figure 6 with the following modifications. First, we consider Rule (Tπ-BOut), which accounts for bound output as used in the type discipline in § 3.1. Second, to account for the “composition plus hiding” principle, we merge Rules (Tπ-Res) and (Tπ-Par) into Rule (Tπ- Par+Res). In this modified rule, the parallel usage appears exclusively for the purpose of ensuring reliability. Finally, we include Rule (Tπ-IndPar) to account for independent parallel composition as expressed by the mix principle in §3.1. We use this modified type system to define µK, following Definition 4.4: Definition 4.5 (µK). e class of processes µK is defined as follows:

P ↓ f µ f µK , P ∈ : ∃Γ, f. (Γ ⊢ST P ∧ JΓ Ku ⊢≺ JP Ku ) n o Considerations about (un)composable processes in µK hold exactly as described for K.

4.2 Main Results We start by separating K and µK. First, we have the following: µ Lemma 4.1. Let P be a dyadic π-calculus process as in §3.2.1. If Γ ⊢≺ P then Γ ⊢≺ P .

21 Proof. By induction on the type derivation for P , with a case analysis on the last applied typing rule. We µ rely on the analogue property for values (if Γ ⊢≺ v then Γ ⊢≺ v), which is immediate. We discuss only µ the cases featuring key diﬀerences between ⊢≺ (Figure 11) and ⊢≺ (Figure 6) arise:

• If the last applied rule is (Tπ-BOut), then P = (νy)xhy,y′i.P ′ and

µ ′ ′ µ Γ1,y : chan(τ ; U1) ⊢≺′ y : chan(τ ; U1),y : chan(τ ; U) Γ2,y : chan(τ ; U2) ⊢≺′ P ′ rel(U1 | U2) ≺ =≺ ∪{(y,z) | z ∈ fn(P ) \{y}} µ ν ′ Γ ⊢≺ ( y)xhy,y i.P

′ 0 ′ with Γ = x : chan(τ, τ ;!κ);≺ (Γ1 | Γ2). We have Γ1,y : chan(τ ; U1) ⊢≺′ y : chan(τ ; U1),y : ′ chan(τ ; U). Also, by IH: Γ2,y : chan(τ ; U2) ⊢≺′ P . We show that P can be typed using Rules (Tπ-Out) and (Tπ-Res) in sequence. First we have:

′ ′ Γ1,y : chan(τ ; U1) ⊢≺′ y : chan(τ ; U1),y : chan(τ ; U) Γ2,y : chan(τ ; U2) ⊢≺′ P ′ 0 ′ x : chan(τ, τ ;!κ);≺ (Γ1 | Γ2 | y : chan(τ ; U1 | U2)) ⊢≺ xhy,y i.P

Now, because by assumption we have rel(U1 | U2), we can use Rule (Tπ-Res) to derive

• If the last applied rule is (Tπ-Par+Res), then P = (νx)(P1 | P2) and µ µ Γ1, x : chan(τ ; U1) ⊢≺∪≺1 P1 Γ2, x : chan(τ ; U2) ⊢≺∪≺2 P2 dom(Γ1) ∩ dom(Γ2)= ∅ i ∈{1, 2} ≺i= {(x, y) | y ∈ fn(Pi) \{x}} rel(U1 | U2) µ ν Γ ⊢≺ ( x)(P1 | P2)

where Γ=Γ1 | Γ2. By IH, we have Γi, x : chan(τ ; Ui) ⊢≺∪≺i Pi, with i ∈{1, 2}. We show that P can be typed using Rules (Tπ-Par) and (Tπ-Res) in sequence. First, we have:

Γ1, x : chan(τ ; U1) ⊢≺∪≺1∪≺2 P1 Γ2, x : chan(τ ; U2) ⊢≺∪≺1∪≺2 P2

Γ1 | Γ2 | x : chan(τ ; U1 | U2) ⊢≺∪≺1∪≺2 P1 | P2

where we have weakened, in both cases, the partial orders for P1 and P2. Now, because by assumption we have rel(U1 | U2), we can use Rule (Tπ-Res) to derive

Γ1 | Γ2 | x : chan(τ ; U1 | U2) ⊢≺∪≺1∪≺2 P1 | P2 rel(U1 | U2)

Γ1 | Γ2 ⊢≺ (νx)(P1 | P2)

• Finally, if the last applied rule is (Tπ-IndPar), then process P = P1 | P2, which can be immediately typed using Rule (Tπ-Par).

As a result of Lemma 4.1, properties derived from typing in § 3.2 (type preservation and deadlock µ freedom) hold in the modified type system ⊢≺ and apply to processes in µK. us, µK ⊆ K. µ e modifications defined in § 4.1.2 make ⊢≺ a strict subsystem of the system ⊢≺ in § 3.2. Indeed, because the converse of Lemma 4.1 does not hold, there are processes in K but not in µK:

22 Lemma 4.2. µK ⊂ K. Proof. Because µK is obtained by restricting the typing rules of K, it is immediate that µK ⊆ K. In the following, we show that this inclusion is strict, by showing that K contains (deadlock-free) session processes not in µK. A representative example is:

P , (νa1b1)(νa2b2)(a1(x). a2hxi | b1hni.b2(z)) f ν ν ν ′ ′ ν ′ n ′ JP Ku = ( c)( d)(c(x, w). ( d )dhx, d i | ( c )ch ,c i. d(z,u))

f is process is not in µK because JP Ku involves the composition of two parallel processes which share f T -Par T -Res µ two sessions. Hence, JP Ku is typable in ⊢≺ (using Rules ( π ) and ( π ) in Figure 6) but not in ⊢≺, because of the forms of composition admied by Rule (Tπ-Par+Res) in Figure 11. We now show that L and µK coincide. We need an important property, given by Lemma 4.4, which connects our encodings of (dual) session types into usage types with reliability (Deﬁnition 3.7), a central notion to the type systems for deadlock freedom in Figure 6 and Figure 11. First we have the following result, which connects our encodings of types and the notion of duality.

Lemma 4.3. Let T,S be session types. en, the following hold: (i) T = S if and only if JT Kℓ = JSKℓ; (ii) T = S if and only if JT Ku = JSKu. Proof. By induction on the duality relation of session types.

Given a channel type τ = chan(τ ; U), we write u(τ) to denote the usage U.

Lemma 4.4. Let T be a session type. en rel(u(JT Ku) | u(JT Ku)) holds. e Proof. e proof proceeds by induction on the structure of T , using Lemma 4.3.

• T = !T1.T2 for some T1,T2. By deﬁnition of duality, T = ?T1.T2. en,

0 JT Ku = chan(JT1Ku, JT2Ku ;!0) 0 JT Ku = chan(JT1Ku, JT2Ku ; ?0)

• T = ?T1.T2, for some T1,T2. By deﬁnition of duality, T = !T1.T2. en,

0 JT Ku = chan(JT1Ku, JT2Ku ; ?0) 0 JT Ku = chan(JT1Ku, JT2Ku ;!0)

u u 0 0 us, (JT Ku) | (JT Ku) = ?0 | !0 and the thesis holds as in the previous case.

23 • T =&{li : Si}i∈I , for some Si. By deﬁnition of duality, T = ⊕{li : Si}i∈I . en,

0 JT Ku = chan(hli : JSiKuii∈I ; ?0) 0 JT Ku = chan(hli : JSiKuii∈I ;!0)

u u 0 0 us, (JT Ku) | (JT Ku) = ?0 | !0 and the thesis holds just as in case T = ?T1.T2.

• T = ⊕{li : Si}i∈I , for some Si and i ∈ I: similar to the previous cases.

We then have the following result: eorem 4.1. L = µK. Proof (Sketch). We prove two lemmas: (i) If P ∈ L then P ∈ µK and (ii) If P ∈ µK then P ∈ L. Both lemmas are proven by structural induction on P ; see §A.1 (Page 42) for details. erefore, we have the following corollary, which aests that the class of deadlock-free session processes induced by linear logic interpretations of session types (cf. § 3.1) is strictly included in the class induced by the indirect approach of [DGS12] (cf. §3.2). Corollary 4.1. L ⊂ K. e fact that (deadlock-free) processes such as P (cf. Lemma 4.2) are not included in L is informally discussed by Caires et al. in [CPT16, §6]. e discussion in [CPT16] highlights the principle of “composition plus hiding” (enforced by Rule (T-cut), cf. Figure 5) as a feature that distinguishes logically motivated session type systems from other type systems (in particular, the one in [GH05]), which can type P but also deadlocked variants of it (cf. Example 2.1). However, Caires et al. give no formal comparisons with other classes of deadlock-free processes.

5 Translating K into L

Having established and characterized the differences between deadlock-free session π-calculus processes in L and K, in this section we explore how fundamental these differences really are. To this end, we define a type-preserving translation from processes in K into processes in L. One leading motivation for looking into a translation is that the separation result established by Corol- lary 4.1 can be seen as being subtle, in the following sense. Consider a process P that belongs to K but not to µK because one of its subprocesses does not conform to the (restrictive) form of typed parallel composition enforced by Rule (Tπ-Par+Res) in Figure 11. e fact that P ∈K\ µK implies that P features forms of session cooperation that are intrinsically sequential and admied by Rules (Tπ-Res) and (Tπ-Par) in Figure 6; this means that subprocesses of P must become more independent (concurrent) to be admied in µK. We illustrate this intuition with an example: Example 5.1 (Idea of the Translation). Recall process P in Lemma 4.2:

P , (νa1b1)(νa2b2)(a1(x). a2hxi | b1hni.b2(z))

We have that P ∈ K but P 6∈ µK: each sub-process features two independent sessions occurring in sequence.

24 Consider now the following variant of P , in which the le subprocess has been kept unchanged, but the right subprocess has been modiﬁed to increase concurrency:

′ P , (νa2b2)((νa1b1)(a1(x). a2hxi | b1hni.0) | b2(z).0)

′ Indeed, by replacing b1hni.b2(z) with b1hni.0 | b2(z).0, we have that P ∈ µK. Here we propose a translation that converts any typable session process into a process in L (i.e. µK). e translation, given in §5.2, follows the idea of Example 5.1: given a parallel process as input, return as output a process in which one of the components is kept unchanged, but the other is translated by using representatives of the sessions implemented in it, composed in parallel. Such parallel representatives are formally deﬁned as characteristic processes and catalyzers, which we introduce next.

5.1 Characteristic Processes and Catalyzers We need some preliminary notions. A characteristic process of a session type T represents the smallest process in L inhabiting it. Deﬁnition 5.1 (Characteristic Processes of a Session Type). Given a name x, the set of characteristic processes of session type T , denoted h|T |ix, is inductively deﬁned as follows:

h|end|ix , {0} h|?T ′.S|ix , x(y).(P | Q): P ∈ h|T ′|iy ∧ Q ∈ h|S|ix ′ x y x h|!T .S|i , x(y).(P | Q): P ∈ h|T ′|i ∧ Q ∈ h|S|i x x h|&{li : Si}i∈I |i , x⊲ {li : Pi}i∈I : ∀i ∈ I. Pi ∈ h|Si|i x x h|⊕ {li : Si}i∈I |i , x⊳li.Pi : Pi ∈ h|Si|i i∈I [ e previous definition extends to typing contexts by composing in parallel independent characteristic processes, one for each of the session types declared in the context. is reflects that sessions in a context declare independent structures of communication. Definition 5.2 (Characteristic Processes of a Session Typing Context). Given a context Γ = wi w1:T1,...,wn:Tn, we shall write h|Γ|i to stand for the set {(P1 | ··· | Pn): Pi ∈ h|Ti|i }. Characteristic processes are well-typed in the system of §3.1 (cf. Figure 5): Lemma 5.1. Let T be a session type and Γ be a session context.

x 1. For all P ∈ h|T |i , we have P ⊢LL x : JT Kℓ.

2. For all P ∈ h|Γ|i, we have P ⊢LL JΓKℓ. Proof. e proof of Part 1 is by induction on the structure of T . e proof of Part 2 is by induction on the size of Γ, using Part 1. See §B.1 (Page 48) for details. Let us use ‘[·]’ to denote a hole and C[·], C′[·],... to denote process contexts (i.e., a process with a hole). Building upon characteristic processes, a catalyzer for a typing context is a process context that implements the behaviors it declares.

25 Deﬁnition 5.3 (Catalyzers of a Session Typing Context). Given a session typing context Γ, we deﬁne its set of associated catalyzers, noted CΓ, inductively as follows:

[·] if Γ= ∅ C , Γ ν x ′ (( x)(C[·] | P ): C[·] ∈CΓ′ ∧ P ∈ h|T |i if Γ=Γ , x : T Given a context Γ= x1 : T1,...,xn : Tn, let us write Γ to denote the context x1 : T1,...,xn : Tn, i.e., the context obtained by “dualising” all the types in Γ. e following statement formalizes the complementarity, in terms of session behaviors, between a well-typed process in L and its associated catalyzers:

′ ′ Lemma 5.2 (Catalyzers Preserve Typing). Let P ⊢LL JΓKℓ, JΓ Kℓ and C[·] ∈CΓ. en C[P ] ⊢LL JΓ Kℓ. Proof. Follows from Deﬁnition 5.3, which deﬁnes C[·] as a composition of characteristic processes, and Lemma 5.1 (Part 1), which ensures the appropriate type for each of them.

5.2 Translating K into L Our translation, given in Deﬁnition 5.4, transforms a session-typed process in K into a set of L processes. Unsurprisingly, a delicate point in this translation is the treatment of parallel composition, which follows the intuition of the transformation of P into P ′ motivated in Example 5.1: keep half of a parallel process unchanged, and increase the parallelism in the other half. is way, our translation returns a set of processes because we wish to account for both these two alternatives, for the sake of generality. Intuitively, given a well-typed session process P1 | P2, our translation produces two sets of processes: the ﬁrst one collects processes of the form Q1 | G2, where Q1 composes the translation of P1 within an appropriate catalyzer and G2 is a characteristic process that implements all sessions declared in the typing of P2. Similarly, the second set collects processes of the form G1 | Q2, where Q2 composes the translation of P2 within an appropriate catalyzer and G1 is a characteristic process that implements all sessions declared in the typing for P1. is way, by translating one subprocess and replacing the other with parallel representatives (G1 and G2), the translated processes are more independent, and the circular dependencies—the heart of deadlocked processes—are systematically ruled out. We require some auxiliary notations. Notation 5.1 (Bound Names). Concerning bound names and their session types:

• We annotate bound names with their session types: we write (νx1y1 : T1) ··· (νxnyn : Tn)P and x(y : T ).P , for some session types T,T1,...,Tn. ] • We sometimes write Γ, x : T ⊢ST P as shorthand notation for Γ, x1 : T1,...,xn : Tn ⊢ST P . Similarly, we write (νxy : T )P to abbreviate (νx1y1 : T1) ··· (νxnyn : Tn)P .

Using these notations for bounde names, we introduce the following notation for well-typed parallel processes, in which “hidden”e sessionse are explicitly denoted by brackets: Notation 5.2 (Hidden/Bracketed Sessions). We shall write ] ] Γ1, [x : S] ⋆ Γ2, [y : T ] ⊢ST (νxy : S)(P1 | P2) whenever Γ , Γ ⊢ST (νx y ) ··· (νx y )(P | P ) holds with Γ , x : S ,...,x : S ⊢ST P , Γ ,y : 1 2 1 1 n n 1 2 ee e1 1 1 n n 1 2 1 T1,...,yn : Tn ⊢ST P2, and Si = Ti, for all i ∈{1,...,n}.

26 un LΓ ⊢ST 0M , 0

′ ′ LΓ, x :!T.S, v : T ⊢ST xhvi.P M , x (z).([v ↔z] | Q): Q ∈ LΓ, x : S ⊢ST P M

LΓ1, Γ2, x :!T.S ⊢ST (νzy)xhyi.(P1 | P2)M ,

x(y).(Q1 | Q2): Q1 ∈ LΓ1,z : T ⊢ST P1M ∧ Q2 ∈ LΓ2, x : S ⊢ST P2M ′ ′ LΓ, x : ?T.S ⊢ST x(y : T ).P M , x(y).Q : Q ∈ LΓ, x : S,y : T ⊢ST P M

′ ′ LΓ, x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P M , x⊳lj .Q : Q ∈ LΓ, x : Sj ⊢ST P M

LΓ, x :&{li : Si}i∈I ⊢ST x⊲ {li : Pi}i∈I M , x⊲ {li : Qi}i∈I : Qi ∈ LΓ, x : Si ⊢ST PiM ] ] LΓ1, [x : S] ⋆ Γ2, [y : T ] ⊢ST (νxy : S)(P1 | P2)M , ] C1[Q1] | G2 : Q1 ∈ LΓ1, x : S ⊢ST P1M, C1 ∈C], G2 ∈ h|Γ2|i ee e x:T ∪

] ST G1 | C2[Q2]: Q2 ∈ LΓ2, y : T ⊢ P2M, C2 ∈C]y:S, G1 ∈ h|Γ1|i Figure 12: Translation L·M (cf. Deﬁnition 5.4).

We are now ready to give the ﬁrst translation from session processes into L:

Definition 5.4 (Translation into L). Let P be such that Γ ⊢ST P and P ∈ K. e set of L processes LΓ ⊢ST P M is defined in Figure 12. Our translation operates on typing judgments: a well-typed session process is translated using the information declared in its typing context. Although the translation could be defined for arbitrary session processes (even deadlocked ones), membership in K plays a role in operational correspondence (see below). We discuss the different cases in Figure 12:

• e process 0 is translated into the singleton set {0} provided that the associated typing context Γ contains only completed sessions (recall that Γun stands for un(Γ)). • e translation of output- and input-preﬁxed processes is self-explanatory; in the former case, we translate the free output available in K by exploiting a forwarding process in L (cf. Deﬁnition 4.1). e translation of selection and branching processes also follows expected lines.

• e last case of the definition handles processes in parallel, possibly with restricted sessions; we use Notation 5.2 to make such sessions explicit. As hinted at above, the translation of a parallel process (νxy : S)(P1 | P2) in K results into two different sets of L processes: the first set contains processes of the form C1[Q1] | G2, where, intuitively: ee e • Q1 belongs to the set that results from translating subprocess P1 with an appropriate typing judgment, which includes x]: S.

27 ] • C1 belongs to the set of catalyzers that implement the context x : T , i.e., the dual behaviors of the sessions implemented by P1 (cf. Deﬁnition 5.3). is step thus removes the double restriction operator.

• G2 belongs to the set of characteristic processes for Γ2, which describes the sessions implemented by P2 (cf. Deﬁnition 5.2).

e explanation for the processes of the form G1 | C2[Q2] in the second set is completely dual.

As we will see, processes C1[Q1] | G2 (and G1 | C2[Q2]) preserve by construction the typing of (νxy : S)(P1 | P2): process C1[Q1] (resp. C2[Q2]) is typable with context Γ1 (resp. Γ2); process G2 (resp. G1) is typable with context Γ2 (resp. Γ1)—see eorem 5.1 below. e We illustrateee the translation by means of an example. Example 5.2 (e Translation L·M at Work). Consider again the process P used in Lemma 4.2. Let T , !end.end and S , ?end.end. Clearly, S = T . We have the following derivation.

(T-In) (T-Out) a1 : S,a2 : T ⊢ST a1(x). a2hxi.0 b1 : T,b2 : S, n : end ⊢ST b1hni.b2(z).0 (T-Par) a2 : T,b2 : S,a1 : S,b1 : T, n : end ⊢ST a1(x). a2hxi.0 | b1hni.b2(z).0 (T-Res) a1 : ?end.end,b1 :!end.end, n : end ⊢ST (νa2b2)(a1(x). a2hxi.0 | b1hni.b2(z).0) (T-Res) n : end ⊢ST (νa1b1)(νa2b2)(a1(x). a2hxi.0 | b1hni.b2(z).0)

Before detailing the set Ln : end ⊢ST P2M, we spell out the main ingredients required:

La1 : S,a2 : T ⊢ST a1(x). a2hxi.0M = {a1(x).a2(z).([x↔z] | 0)}

Lb1 : T,b2 : S, n : end ⊢ST b1hni.b2(z).0M = {b1(u).([n↔u] | b2(z).0)} h|T |ix = {x(z).(0 | 0)} h|S|ix = {x(z).(0 | 0)} ν ν a1 a2 Ca1:T,a2:S = {( a1)(R1 | ( a2)(R2 | [·])) : R1 ∈ h|S|i , R2 ∈ h|T |i }

= {(νa1)(a1(z).(0 | 0) | (νa2)(a2(z).(0 | 0) | [·]))} ν ν b1 b2 Cb1:S,b2:T = {( b1)(Q1 | ( b2)(Q2 | [·])) : Q1 ∈ h|T |i ,Q2 ∈ h|S|i }

= {(νb1)(b1(z).(0 | 0) | (νb2)(b2(z).(0 | 0) | [·]))}

Exploiting Notation 5.2, judgement n : end ⊢ST P can be wrien as

[a1 : S,a2 : T ] ⋆ n : end, [b1 : T,b2 : S] ⊢ST (νa1b1)(νa2b2)(a1(x). a2hxi.0 | b1hni.b2(z).0) We may now deﬁne the translation of P into L:

L[a1 : S,a2 : T ] ⋆ n : end, [b1 : T,b2 : S] ⊢ST (νa1b1)(νa2b2)(a1(x). a2hxi.0 | b1hni.b2(z).0)M n end n 0 = C1[Q1] | h| : |i : C1 ∈Ca1:T,a2:S,Q1 ∈ La1 : S,a2 : T ⊢ST a1(x). a2hxi. M

n end ST n 0 ∪ C2[Q2]: C2 ∈Cb1:S,b2:T ,Q2 ∈ Lb1 : T,b2 : S, : ⊢ b1h i.b2(z). M ν 0 0 ν 0 0 0 n end n = ( a1)(a1(z).( | ) | ( a2)(a2(z).( | ) | a1(x).a2(z).([x↔z] | ))) | h| : |i , ν 0 0 ν 0 0 n 0 ( b1)(b1(z).( | ) | ( b2)(b2(z).( | ) | b1(u).([ ↔u] | b2(z). )))

28 Above, P has two parallel components and so set Ln : end ⊢ST P M has two elements, representing the two diﬀerent possibilities for “dividing” the sequential structure of P into more parallel processes.

5.2.1 Properties We present two important results about our translation. First, it is type preserving, up to the encoding of types given in Figure 10:

eorem 5.1 (e Translation L·M is Type Preserving). Let Γ ⊢ST P . en, for all Q ∈ LΓ ⊢ST P M, we have that Q ⊢LL JΓKℓ.

Proof. By induction on the derivation Γ ⊢ST P . See §B.2 (Page 50) for details. eorem 5.1 is meaningful, for it says that the session type “interface” of a process (i.e., the set of sessions it implements) is not modiﬁed by the translation. at is, L·M modiﬁes the process structure by closely following the session typing discipline. To establish properties with respect to reduction, we start with a useful notation:

Notation 5.3. Let us write Γ ⊢ST P1, P2 whenever both Γ ⊢ST P1 and Γ ⊢ST P2 hold. Similarly, let us write P1, P2 ⊢LL Γ, whenever both P1 ⊢LL Γ and P2 ⊢LL Γ hold. Before showing how our translation satisfies an operational correspondence result (cf. eorem 5.2), we illustrate the need for a useful auxiliary definition, which will allow us to relate processes typable under the same typing context but featuring a different parallel structure (cf. Definition 5.5).

Example 5.3 (e Parallel Structure of Typable Processes). Let P ⊢LL ∆ where P , (νx)(xhvi.P1 | x(z).P2) and ∆ = ∆1, ∆2, v : T . Consider the following reduction from P , obtained using the rules in Figure 4:

v (νx)( xhvi.P1 | x(z).P2 ) → (νx)( P1 | P2[ /z] ) , Q

∆1, v : T ∆2 ∆1 ∆2, v : T | {z } | {z } |{z} | {z } Here we are using a free output process, namely xhvi.P1, as a shortcut for x(z).([v ↔ z] | P1); recall that this process is typable using Rules (T-id) and (T-⊗) in Figure 5. Observe that name z is free with scope P2; for typing to hold, it must be the case that z : T in P2. By eorem 3.1, Q ⊢LL ∆1, ∆2, v : T . Let us consider the typing of P and Q in relation to their parallel structure. We can notice that even though the typing context ∆ remains the same under reduction, the “parallel decomposition” changes aer reduction, as highlighted by the under brackets. In particular, the type assignment v : T , at first related to the le-hand side component in P , “jumps” aer reduction to the right-hand side component in Q. is phenomenon is due to value passing: aer reduction, a substitution occurs in the continuation process P2, where v might be used in different ways. For instance, v could occur within a sequential position within P2 or at top-level in one of its parallel subprocesses. ′ Now, consider process Q , which contains subprocesses P1 and P2 from Q but has a different form of parallelism: ′ Q , (νx)( P1 | (νz)(P2 | Pz) | Pv )

∆1 ∆2 v : T ′ Here, Pz and Pv are characteristic processes|{z} implementing| {z T along} |{z}z and v, respectively. Clearly, Q ⊢LL ′ ∆1, ∆2, v : T , just as Q, but its parallel structure is diﬀerent: in Q we have two separate subprocesses in

29 parallel, one typed according to ∆2, the other according to v : T . In (νz)(P2 | Pz), process Pz provides one of the counterparts for P2; this interaction is hidden by restriction (νz) and so the resulting typing ′ context is ∆2. By using Pv, the type interface of Q is exactly as that of Q; by using it in parallel position, their parallel structure will be diﬀerent whenever z occurs in P2 in a sequential position. We are interested in capturing the parallelization relation between processes such as Q and Q′ in Ex- ample 5.3, because it serves to explain how translated processes behave under reduction. is relation is formalised in Deﬁnition 5.5 below:

Deﬁnition 5.5 (Parallelization Relation). Let P and Q be processes such that P,Q ⊢LL Γ. We write P + Q if and only if there exist processes P1, P2,Q1,Q2 and contexts Γ1, Γ2 such that the following hold:

P = P1 | P2 Q = Q1 | Q2 P1,Q1 ⊢LL Γ1 P2,Q2 ⊢LL Γ2 Γ=Γ1, Γ2

is definition says that two processes P and Q, typed under the typing context Γ, are related by +, if they can be decomposed into parallel subprocesses, which are typed under the same decomposition of Γ. is way, for processes Q and Q′ from Example 5.3, relation Q + Q′ holds. By definition, the relation + is reflexive. It will appear in our operational correspondence result, given .(next. Below, let ֒→ denote structural congruence (cf §2.1) extended with a reduction by Rule (R-Fwd) (cf. §3.1 We may now state:

eorem 5.2 (Operational Correspondence for L·M). Let P be such that Γ ⊢ST P for some typing context Γ. en, we have:

If P → P ′, then for all Q ∈ LΓ ⊢ST P M there exist Q′, R such that Q →֒→ Q′, Q′ + R, and .1 R ∈ LΓ ⊢ST P ′M.

,′ If Q ∈ LΓ ⊢ST P M, such that P ∈ K, and Q →֒→ Q′, then there exist P ′, R such that P → P .2 Q′ + R, and R ∈ LΓ ⊢ST P ′M. Proof. By induction on the length of the derivations P → P ′ and Q → Q′. See §B.3 for details. Part 1 of eorem 5.2 certifies that our translation tightly preserves the behavior of the session process given as input. e parallelization relation + (cf. Definition 5.5) is crucial when the reduction P → P ′ involves value passing: in that case, process Q′, obtained from the translated process Q, may have a different parallel structure than R—just as Q and Q′ from Example 5.3. Part 2 relates the behavior of a translated process with respect to that of the session process given as input, with + playing a role similar as in Part 1. Unlike Part 1, in Part 2 we require P to be in K, i.e., P must be deadlock-free for the correspondence to hold. Indeed, if P is not in K then Q (its deadlock-free, translated variant) could have reductions not enabled in P due to deadlocks.

5.3 Discussion: Translating K into L Exploiting Value Dependencies Process prefixes can induce causality relations not accounted for by session types. One kind of causality relations are at the heart of deadlocked processes, in which session interleavings in process prefixes leads to circular dependencies between independent sessions (cf. Example 2.1). Another kind of causality relations are the value dependencies induced by value exchanges: they occur when a value received in one session is sent along a different one.

30 Example 5.4 (A Value Dependency). Let P be the process

P , (νa0b0)(a0hni.a1(u).a2hui.0 | b0(v).(b2(y).y(x).0 | (νwz)(b1hwi.zhni.0))) Also, let U , ?end.end. Consider the typing judgment for the lemost parallel process a0hni.a1(u).a2hui.0:

a0 :!end.end,a1 : ?U.end,a2 :!U.end ⊢ST a0hni.a1(u). a2hui.0

Although the typing for a1 and a2 states that they are independent sessions, actually they are causally related: the process forwards along a2 the value of type U received on a1. By considering the typing for P

a1 : ?U.end,a2 :!U.end,b2 : ?U.end,b1 :!U.end ⊢ST P we see that the forwarded value is w, which is delegated by the rightmost parallel process, (νwz)(b1hwi.zhni.0). In the terminology of Boreale and Sangiorgi [BS98], value dependencies are both subject and object dependencies. In a0hni.a1(u).a2hui.0 there is a subject dependency: the input on a1 enables the output on a2; there is also an object dependency: the name received on a1 is used as object in the output on a2. Indeed, Boreale and Sangiorgi argue that in most cases an object dependency is also a subject dependency. While intuitive, the translation L·M does not preserve value dependencies: in translating a process with parallel components, a subprocess containing a value dependency can be replaced by an equally typed process in which such a dependency is no longer present: Example 5.5 (Value Dependencies in L·M). Let process P and type U be as in Example 5.4. Consider the set of processes La1 : ?U.end,a2 :!U.end,b1 :!U.end,b2 : ?U.end ⊢ST P M obtained using Deﬁnition 5.4. One process in this set is the following: 0 ν n 0 Q = G1 | G2 | Cb0:?end.end b0(v).(b2(y).y(x). | ( wz)(b1hwi.zh i. ))

a1 a2 where G1 ∈ h|?U.end|i and G2 ∈ h|!U.end |i . Since G1 and G2 are independently defined, the name received along a1 in G1 cannot be the same session sent along a2 in G2. us, the value dependence between a1 and a2 in P , has disappeared in its translation as Q. To address this limitation of L·M, we have defined an optimized translation that preserves value dependencies. Here we discuss the key elements of this optimization; the full technical development is presented in Appendix C. e optimization is obtained as follows: 1. Detecting value dependencies requires gathering further information on how types are implemented by process prefixes. To this end, we extend the type system of §2 with annotated output and input session types, wrien !nS.T and ?nS.T (with n ≥ 0), which specify the position of an associated prefix within the process. is way, e.g., type !0S.T is associated to an output prefix at top-level. Also, we have typing judgments Γ ⋄ Ψ ⊢ST P where the typing context Γ is as before and Ψ is a dependency context that describes all communication prefixes in P and their distance to top-level. is context contains tuples of the form (a1, u, 1) and ha2, u, 2i; the former can be read as “there is an input on a1 with placeholder u one prefix away from top-level”, whereas the laer can be read as “there is an output on a2 with object u two prefixes away from top-level”. Using Ψ, we formally define value dependencies as pairs: we write (an,bm) to denote a value dependency of an (output) prefix along session b on an (input) prefix along session a.

31 2. We exploit the value dependencies in Ψ to refine the definitions of characteristic processes (Defini- tion 5.1) and catalyzer contexts (Definition 5.3) of a typing context Γ:

• e set of characteristic processes of Γ that exploits Ψ is denoted h|Γ|iΨ: it implements value dependencies in Ψ using so-called bridging sessions that connect the characteristic processes of the two types involved in the dependency. • e set of catalyzer contexts of Γ handles value dependencies in Ψ by “isolating” them using dedicated forwarder processes and characteristic processes. 3. Using these refined definitions, we define the optimized translation L·MV. Main differences with respect to the translation defined in Figure 12 appear in the translation of parallel processes. As before, process (νxy : S)(P1 | P2) is translated into processes of two forms: C1[Q1] | G2 and G1 | C2[Q2], where Q1 (resp. Q2) stands for the translation of P1 (resp. P2). e difference is that the catalyzers C1, C2 ande thee characteristice processes G1, G2 are now obtained exploiting value dependencies (as explained in (2)). As L·M, the optimized translation L·MV satisfies type preservation and operational correspondence.

e following example illustrates how L·MV improves over L·M. Example 5.6 (Revisiting Examples 5.4 and 5.5). Let P be as in Example 5.4:

P , (νa0b0)(a0hni.a1(u).a2hui.0 | b0(v).(b2(y).y(x).0 | (νwz)(b1hwi.zhni.0)))

In the extended type system, we have Γ ⋄ Ψ ⊢ST P where 1 2 1 1 Γ , a1 : ? U.end,a2 :! U.end,b2 : ? U.end,b1 :! U.end

Ψ , ha0, n, 0i, (a1, u, 1), ha2, u, 2i, (b0, v, 0), (b2, y, 1), (y, x, 2), hb1, w, 1i, hz, n, 2i 1 2 ′ Using Ψ, we can detect the value dependence (a1,a2). Consider now Q , one particular process included V in the set LΓ ⋄ Ψ ⊢ST P M : ′ ν ′ ′ 0 ν n 0 Q = ( ca1a2 )(Ga1 | Ga2 ) | Cb0:?end.end b0(v).(b2(y).y(x). | ( wz)(b1hwi.zh i. )) ′ end a1 ′ end a2 where Ga1 ∈ h|?U. |iΨ and Ga2 ∈ h|!U. |iΨ are obtained using the refined definition of characteristic processes. With the refined definition, we have that ′ 0 Ga1 = a1(y).ca1a2 (w).([y ↔w] | ) ′ 0 Ga2 = ca1a2 (y).a2(w).([y ↔w] | ) us, the characteristic processes of a type are still independently defined but now implement a bridging ′ session ca1a2 , which ensures that the name received along a1 in Ga1 is the same name outpued along ′ a2 in Ga2 . e characteristic process of a typing context guarantees that bridging sessions are properly ′ composed. is way, the value dependence between a1 and a2, present in P , has been preserved in Q as a result of the refined translation. Although intuitive, the way in which L·MV improves over L·M is somewhat implicit, because value dependencies are accounted for by the revised definitions of characteristic processes and catalyzers as restricted (hidden) sessions. erefore, the implemented value dependencies in these definitions does not influence the observable behavior of the translated process. Formalizing the advantages of L·MV over L·M is an interesting question for future work, because it requires devising new notions of observables for typed processes that “look inside” reductions to ensure that values are forwarded appropriately between the two independent sessions.

32 6 Discussion

Processes with Unbounded Behavior Our investigation has been motivated by the proliferation of type systems for ensuring safety and liveness properties of mobile, concurrent processes. Different type systems enforce different such properties, which include various forms of (dead)lock-freedom, termination, and confluence. In this work, our criteria have been twofold. On the one hand, we have aimed at obtaining objective formal comparisons between well-established type systems, sticking to their original formulations as much as possible. On the other hand, we have concentrated on the intrinsic challenges of statically enforcing deadlock freedom. We have focused on typed processes without constructs for ex- pressing processes with unbounded behavior, such as replication or recursion. is focus was useful to be consistent with these criteria; next we discuss some of the issues involved in going beyond this class of finite processes. In the Curry-Howard correspondences for session types, sharing exponentials ! and ? at the level of propositions/types can be interpreted as input-guarded replication !x(z).Q at the level of proofs/processes. In the classical seing considered here, a channel typed with !A denotes a server able to offer an arbitrary number of copies (including zero) of a process with behavior of type A upon request (an input); dually, a channel typed with ?A denotes a request to such a server (an output). is requires an additional cut rule for exponential (unrestricted) contexts (denoted Θ) as well as typing rules for realizing the sharing semantics of !A and ?A. Other rules are adjusted to account for Θ; for instance, the mix rule becomes:

′ P ⊢LL ∆; Θ Q ⊢LL ∆ ;Θ ′ P | Q ⊢LL ∆, ∆ ;Θ

e resulting logically justiﬁed reduction rule for replication is as follows:

(νx)(x(y).P | !x(z).Q) → (νx)((νy)(P | Q) | !x(z).Q) (1)

e process before the reduction features one linear cut along session x; aer the reduction, the process contains two cuts: the cut on y is linear, whereas the one on x is exponential. e definition of the typed languages L and K (Definition 4.4) can be extended to consider typed processes with replication, which is used in [CP10, CPT16] (in the input-guarded variant described above) and in [Kob06] (where unguarded replication !P is accounted for). Since the type system ⊢ST in [Vas12] admits rather expressive forms of recursion (that go well beyond the server-request interactions enabled by input-guarded replication), the class of “full L” processes would be a strict sub-class of session-typed processes. Now, considering processes with unbounded behavior entails including termination properties into the analysis of (dead)lock-freedom. Crucially, the full Curry-Howard interpretation for session types, including exponentials as explained above, is known to be strongly normalizing and confluent [PCPT14, CP17]. erefore, unbounded behavior in full L concerns unboundedly many copies of finite, deterministic inter- active behaviors. e fact that a single type system simultaneously enforces deadlock freedom, termination, and confluence sharply contrasts to the situation for non-logical type systems: to our knowledge, only the hybrid type system in [KS10] simultaneously ensures these three properties (see below). Clearly, it would be unfair to compare processes that enjoy different properties, i.e., processes in L against well-typed processes in type systems that enforce some, but not all, of deadlock freedom, termination, and confluence. By focusing on finite processes, we have found a fair ground to objectively compare different type systems. e integration of non-logical type systems for (dead)lock-freedom, termination, and confluence is far from trivial, and requires advanced mechanisms. Kobayashi and Sangiorgi [KS10] targeted this goal by

33 defining a parametric hybrid type system based on usages, which enforces the three properties through different methods (not necessarily type systems). As in [Kob02], the syntax of usage types in [KS10] includes replicated usages ∗U, i.e., unboundedly many parallel copies of usage U. (e authors remark that the recursive usages µα.U from [Kob06] are also sound.) To enable fair comparisons against full L, Kobayashi and Sangiorgi’s type system should be restricted so that it allows only input-guarded replicated processes (cf. (1)) and simultaneously enforces (dead)lock-freedom, termination, and confluence. Identifying the syntactic/semantic conditions that enable this restriction seems challenging. Defining such a restricted variant of [KS10] would most likely mean developing a very different type system, therefore departing from the compact abstractions given by usage types. Hence, comparing such a different type system against the canonical language full L would also be unfair. We notice that Curry-Howard interpretations of session types have been extended with forms of (co)- recursive types, which extend (full) L by admiing as typable certain forms of (productive) unbounded behavior—see the works by Toninho et al.[TCP14] and by Lindley and Morris [LM16]. Indeed, the framework in [LM16] can be roughly seen as the extension of the logic-based type system in § 3.1 with corecursion. Although these extensions bring closer logically motivated and non-logical type systems (which oen do not ensure termination), the forms of co-recursive unbounded behavior enabled by [TCP14, LM16] preserve the intrinsic confluent, deterministic behavior inherited from logical foundations. is prevents fair comparisons with type systems for deadlock freedom of unbounded/cyclic communication structures which do not guarantee confluence/determinism, such as those by Giachino et al. [GKL14, KL17]. In contrast, the type system for deadlock freedom by Padovani [Pad14] ensures a form of partial confluence, inherited from [KPT99]. Hence, it would seem that there is common ground for comparing the linear type system in [Pad14] and the logically motivated session type system in [LM16]. e actual feasibility of relating these different type systems remains unclear, and should be established in future work.

Other Curry-Howard Interpretations of Session Types As already discussed, our work concerns the Curry-Howard correspondences between (classical) linear logic propositions and session types developed in [CP10, CPT16, Wad12]. In the following, we briefly discuss our results in the context of other correspondences between (variants of) linear logic and session types [DG18, KMP19, QKB21]. Dardha and Gay [DG18] developed Priority-based Classical Processes (PCP), a session type system that rests upon an extension of classical linear logic with Kobayashi’s obligations/capabilities, simplified to priorities by following Padovani [Pad14]. Unlike the type system in [Wad12], the type system of PCP admits processes with safe cyclic topologies. To this end, PCP cuts ties with the “composition plus hiding” principle that is at the heart of L: the Rule(T-cut) is replaced by rules (T-mix) and (T-cycle) that separately treat parallel composition and restriction, respectively. As a result, a multicut rule, which allows composing two processes that may share more than one session, is derivable in PCP. is way, the class of typable processes induced by PCP strictly includes L. Kokke et al. [KMP19] developed Hypersequent Classical Processes (HCP), an interpretation of session types based on the same classical linear logic as in [Wad12] but with a hypersequent presentation. e design of HCP neatly induces a labeled transition semantics for typed processes; it has been further inves- tigated in, e.g., [QKB21, FKD+21]. Also, similarly to PCP, HCP includes separate typing rules for restriction and parallel composition. However, HCP cannot type the kind of safe cyclic process topologies that are typable in PCP: as such, the separate treatment for restriction and parallel composition (enabled by the hypersequent presentation of CLL) does not enhance by itself the topology of processes, and the typable processes in HCP have a tree topology as in L. We conjecture that our separation and unifying results also hold, with minor modifications, for a variant of L based on HCP. We leave such technical investigation as future work.

34 Qian et al. [QKB21] recently proposed Client-Server Linear Logic (CSLL) and a corresponding session type system for π-calculus processes, which uses the hypersequent presentation of[KMP19]. By introducing coexponentials, CSLL captures more expressive client-server behaviours than those usually admied by interpretations of CLL as session types. eir approach consists in abandoning the mix principles as adopted by most systems based on CLL (including the one we deﬁne in §3.1). is way, the mix rules in CSLL only concern disjoint concurrency, as captured by hyperenvironments. As already discussed, in our work the Rule (T-mix) enables us to type the independent parallel composition of processes, as needed in several aspects of our development, such as our separation result based on µK. Exploring how to adapt our results to a system without mix principles is an interesting item for future work.

Correctness Criteria for the Translation e translation L·M defined in §5 is supported by an operational correspondence result, eorem 5.2. Operational correspondence is a well-established correctness criterion, which allows us to certify the quality of a language translation. ere exist other correctness criteria, which typically serve different purposes [Gor10, Par08]. A notable criterion is full abstraction, i.e., that a translation from a source to a target language preserves the respective equivalences. While full abstraction is not informative enough to assert the quality of a translation (see [GN16, Par16] for a discussion), it is quite appropriate to formalise the transfer of reasoning techniques between different calculi. Studying L·M from the perspective of full abstraction would be insightful and requires developing (typed) behavioural equivalences for K and L. We leave such technical developments as future work.

7 Related Work

e analysis of deadlock freedom in concurrency has a rather long and rich history, as discussed in details in [AGN97]. Focusing on type-based approaches to deadlock freedom for communicating processes, early works are by Kobayashi [Kob97]andbyAbramskyetal.[AGN97]. eworkin[AGN97] develops a semantic approach to deadlock freedom for asynchronous communicating processes, building upon categorical foundations. e work in [Kob97] proposes a type system for the π-calculus that builds upon two key ideas: (i) the introduction of usage of channels as types (usage types), and (ii) the classification of channels into reliable and unreliable (where reliable channels are ensured to have deadlock-free interactions). ese ideas have proved rather influential: based on them, a number of extensions and enhancements to type systems for deadlock-free, message-passing processes have been introduced. Kobayashi [Kob07] offers a unified presentation of these developments. e work of Kobayashi and Laneve [KL17] builds upon notions of usage types and reliable channels for the type-based analysis of unbounded process networks. e introduction of type systems based on usage types coincided in time with the introduction of (binary) session types as a type-based approach to ensure safe structured communications [Hon93, THK94, HVK98]. In their original formulation, session types for the π-calculus ensure communication safety and session fidelity, therefore ruling out some (but not all!) of the causes of deadlocked behaviors in communicating processes. In session-based concurrency, deadlocks are due to circular dependencies inside a session, but are also found in subtle entanglements between different protocols/sessions. In particular, session type systems [Vas12] cannot guarantee deadlock freedom of interleaved sessions. To our knowledge, Dezani et al. [DdY08] were the first to address progress/deadlock freedom for session-typed processes. Subsequent works on type-based analyses for deadlock freedom in structured communications include [BCD+08, CV09, CD10, CP10, Pad13, VV13, Pad14]. As discussed in detail in this paper, another approach to deadlock freedom is based on linear logic under a Curry-Howard correspondence [CP10, Wad12], where circular dependencies of communication in

35 processes are eliminated by design, due to Rule (T-cut). As already mentioned, the type system PCP [DG18] allows to type safe cyclic process topologies. Following PCP, Kokke and Dardha [KD21b] define Priority GV (PGV) and its implementation in Linear Haskell [KD21a], which is a core concurrent λ-calculus with priorities, whereas the work of Van den Heuvel and Perez´ [vdHP21] extends PCP with asynchronous communication. Balzer et al. [BTP19] develop a type system that enforces deadlock freedom for a language with manifest sharing, which supports possibly recursive processes in which cycles arise under an acquire- release discipline for shared channels. We note that none of the above works propose a formal comparison between different type systems for deadlock freedom, as we achieve in this paper. Building upon a translation first suggested by Kobayashi [Kob07], the work of Dardha et al. [DGS12, Dar14, DGS17] offered a formal relationship between usage types and session types. Such a relationship made it possible to use type-based analysis techniques for usage types in the analysis of session-typed process specifications; this insight was formalized by Carbone et at. [CDM14, Dar16]. e effectiveness of the approach in [CDM14] is supported by informal comparisons with respect to different type systems for deadlock freedom (including those in [DdY08] and [CD10]) using processes typable in one framework but not in another. A comparison with the workshop version of our work [DP15] is relevant. In [DP15], we introduced the notion of degree of sharing to classify processes in K. Intuitively, the degree of sharing quantifies the greatest number of channels shared by parallel components: processes with a degree of sharing equal to 0 do not share any channels (concurrency without interaction), processes with a degree of sharing equal to 1 share at most one session, and so on. e degree of sharing determines a strict hierarchy of processes (denoted K0, K1,... in [DP15]). is hierarchy, however, is only static—it is not closed under reduction. A recent work by Van den Heuvel and Perez´ [vdHP20] also compares session type systems based on Curry-Howard foundations. In [vdHP20], the focus is on the classes of typable processes induced by classical and intuitionistic presentations of linear logic; the main result is that the class induced by intuitionistic linear logic is strictly contained in the class induced by classical linear logic. at is, classical linear logic leads to more permissive session type systems. e developments in this paper involved several process languages, each with its own type system—note that the type system that defines L (Figure 5) falls under the classical perspective. In contrast, the comparisons in [vdHP20] concern different logically-motivated type systems for the same process language. Loosely related to our work (in particular to the translations in §5 and §5.3) is previous work on deadlock resolution in the π-calculus by Giunti and Ravara [GR13] and on unlocking blocked processes by Francalanza et al. [FGR15]. e approach in [GR13] relies on a typing algorithm that detects a particular class of deadlocks (so-called self-holding deadlocks), but instead of rejecting the code, fixes it by looking into the session types and producing new safe code that obeys the protocols and is deadlock-free. Build- ing upon [GR13], the work in [FGR15] investigates methods for resolving circular-wait deadlocks across parallel compositions, with a focus on finite CCS processes.

8 Concluding Remarks

We have presented a formal comparison of fundamentally distinct type systems for deadlock-free, session typed π-calculus processes. To the best of our knowledge, ours is the first work to establish precise relationships of this kind. Indeed, prior comparisons between type systems for deadlock freedom are informal, given in terms of specific processes typable in one type system but not in some other. An immediate difficulty in giving a unified account of different typed frameworks for deadlock freedom is the variety of process languages, type structures, and typing rules that define each framework. Our

36 comparisons involve: the framework of session processes put forward by Vasconcelos [Vas12]; the interpretation of linear logic propositions as session types by Caires [Cai14]; the π-calculus with usage types by Kobayashi in [Kob02]. Finding some common ground for comparing these three frameworks is not trivial—several translations/transformations were required in our developments to account for numerous syntactic differences. We made an effort to follow the exact definitions in each framework. Overall, we be- lieve that we managed to concentrate on essential semantic features of two salient classes of deadlock-free session processes, here defined as L and K (cf. Definition 4.4). One main technical contribution is the identification of the precise conditions under which L and K coincide. We introduced µK, a strict sub-class of K that coincides with L. e class µK arises as the specialization of Kobayashi’s type system [Kob06] that results from internalizing the key aspects of the Curry-Howard interpretation of session types, most notably, the principle of “composition plus hiding”, which allows to compose only processes that share exactly one session. is way, µK represents a new characterization of L, given in terms of a very different type system for deadlock freedom adopting usages, capabilities and obligations, put forward by Kobayashi. e identification of µK and its coincidence with L thus provide an immediate way of separating the classes of processes in L and K. As another technical contribution, but on the opposite direction, we determined how to unify these two classes by developing an intuitive translation of processes in K into processes in L, which addresses the syntactic differences between different classes of deadlock-free processes in a type-respecting manner. Although based on simple ideas, our technical developments substantially clarify our understanding of type systems for liveness properties (such as deadlock freedom) in the context of π-calculus processes.

Acknowledgments We would like to thank the anonymous reviewers of previous versions of this paper for their useful suggestions, which led to substantial improvements. We are also grateful to Lu´ıs Caires and Simon J. Gay for their valuable comments and suggestions on prior versions of this manuscript. We thank Bas van den Heuvel for his help in designing Figure 1. is work was partially supported by the EU COST Action IC1201 (Behavioural Types for Reliable Large-Scale Soware Systems). Dardha is supported by the UK EPSRC project EP/K034413/1 (From Data Types to Session Types: A Basis for Concurrency and Distribution). Perez´ has been partially supported by the Dutch Research Council (NWO) under project No. 016.Vidi.189.046 (Unifying Correctness for Commu- nicating Soware). Perez´ is also aﬃliated to the NOVA Laboratory for Computer Science and Informatics, Universidade Nova de Lisboa, Portugal.

References

[AGN97] Samson Abramsky, Simon J. Gay, and Rajagopal Nagarajan. A type-theoretic approach to deadlock-freedom of asynchronous systems. In Mart´ın Abadi and Takayasu Ito, editors, e- oretical Aspects of Computer Soware, ird International Symposium, TACS ’97, Sendai, Japan, September 23-26, 1997, Proceedings, volume 1281 of Lecture Notes in Computer Science, pages 295–320. Springer, 1997. [ALM16] Robert Atkey, Sam Lindley, and J. Garre Morris. Conﬂation confers concurrency. In Sam Lindley, Conor McBride, Philip W. Trinder, and Donald Sannella, editors, A List of Successes at Can Change the World - Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday, volume 9600 of Lecture Notes in Computer Science, pages 32–55. Springer, 2016.

37 [BCD+08] Lorenzo Beini, Mario Coppo, Loris D’Antoni, Marco De Luca, Mariangiola Dezani- Ciancaglini, and Nobuko Yoshida. Global progress in dynamically interleaved multiparty sessions. In CONCUR, pages 418–433, 2008.

[BS98] Michele Boreale and Davide Sangiorgi. A fully abstract semantics for causality in the \pi- calculus. Acta Inf., 35(5):353–400, 1998. [BTP19] Stephanie Balzer, Bernardo Toninho, and Frank Pfenning. Manifest deadlock-freedom for shared session types. In Lu´ıs Caires, editor, Programming Languages and Systems - 28th Eu- ropean Symposium on Programming, ESOP 2019, Held as Part of the European Joint Conferences on eory and Practice of Soware, ETAPS 2019, Prague, Czech Republic, April 6-11, 2019, Proceed- ings, volume 11423 of Lecture Notes in Computer Science, pages 611–639. Springer, 2019. [Cai14] Lu´ıs Caires. Types and logic, concurrency and non-determinism. In Essays for the Luca Cardelli Fest - Microso Research Technical Report MSR-TR-2014-104, September 2014. [CD10] Marco Carbone and Søren Debois. A graphical approach to progress for structured communication in web services. In ICE 2010, Amsterdam, e Netherlands, 10th of June 2010., volume 38 of EPTCS, pages 13–27, 2010.

[CDM14] Marco Carbone, Ornela Dardha, and Fabrizio Montesi. Progress as compositional lock-freedom. In Coordination Models and Languages - 16th IFIP WG 6.1 International Conference, COORDINA- TION 2014, Held as Part of the 9th International Federated Conferences on Distributed Computing Techniques, DisCoTec, volume 8459 of LNCS, pages 49–64. Springer, 2014. [CP10] Lu´ıs Caires and Frank Pfenning. Session types as intuitionistic linear propositions. In CONCUR 2010, volume 6269 of LNCS, pages 222–236. Springer, 2010. [CP17] Lu´ıs Caires and Jorge A. Perez.´ Linearity, control eﬀects, and behavioral types. In Hongseok Yang, editor, Programming Languages and Systems - 26th European Symposium on Programming, ESOP 2017, Held as Part of the European Joint Conferences on eory and Practice of Soware, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings, volume 10201 of Lecture Notes in Computer Science, pages 229–259. Springer, 2017. [CPT16] Lu´ıs Caires, Frank Pfenning, and Bernardo Toninho. Linear logic propositions as session types. Mathematical Structures in Computer Science, 26(3):367–423, 2016. [CV09] Lu´ıs Caires and Hugo Torres Vieira. Conversation types. In ESOP’09, volume 5502 of LNCS, pages 285–300, Heidelberg, Germany, 2009. Springer-Verlag. [Dar14] Ornela Dardha. Recursive session types revisited. In Proceedings ird Workshop on Behavioural Types, BEAT 2014, Rome, Italy, 1st September 2014., volume 162 of EPTCS, pages 27–34, 2014. [Dar16] Ornela Dardha. Type Systems for Distributed Programs: Components and Sessions, volume 7 of Atlantis Studies in Computing. Springer / Atlantis Press, 2016. [DdY08] Mariangiola Dezani-Ciancaglini, Ugo de’Liguoro, and Nobuko Yoshida. On progress for structured communications. In Trustworthy Global Computing, volume 4912of LNCS, pages 257–275. Springer, 2008.

38 [DG18] Ornela DardhaandSimonJ. Gay. Anew linearlogicfordeadlock-free session-typed processes. In Foundations of Soware Science and Computation Structures - 21st International Conference, FOSSACS 2018, Held as Part of the European Joint Conferences on eory and Practice of Soware, ETAPS 2018, essaloniki, Greece, April 14-20, 2018, Proceedings, volume 10803 of LNCS, pages 91–109. Springer, 2018. [DGS12] Ornela Dardha, Elena Giachino, and Davide Sangiorgi. Session types revisited. In PPDP’12, pages 139–150. ACM, 2012. [DGS17] Ornela Dardha, Elena Giachino, and Davide Sangiorgi. Session types revisited. Inf. Comput., 256:253–286, 2017. [DP15] OrnelaDardhaandJorgeA.Perez.´ Comparing deadlock-free session typed processes. In Com- bined 22th International Workshop on Expressiveness in Concurrency and 12th Workshop on Struc- tural Operational Semantics, and 12th Workshop on Structural Operational Semantics, EXPRESS/- SOS, volume 190 of EPTCS, pages 1–15, 2015. [FGR15] Adrian Francalanza, Marco Giunti, and Antonio´ Ravara. Unlocking blocked communicating processes. In Maurice H. ter Beek and Alberto Lluch-Lafuente, editors, Proceedings 11th Inter- national Workshop on Automated Specification and Verification of Web Systems, WWV 2015, Oslo, Norway, 23rd June 2015., volume 188 of EPTCS, pages 23–32, 2015. [FKD+21] Simon Fowler, Wen Kokke, Ornela Dardha, Sam Lindley, and J. Garre Morris. Separating sessions smoothly. In Serge Haddad and Daniele Varacca, editors, 32nd International Conference on Concurrency eory, CONCUR 2021, August 24-27, 2021, Virtual Conference, volume 203 of LIPIcs, pages 36:1–36:18. Schloss Dagstuhl - Leibniz-Zentrum fur¨ Informatik, 2021. [GH05] Simon Gay and Malcolm Hole. Subtyping for session types in the pi calculus. Acta Informatica, 42(2-3):191–225, nov 2005. [GKL14] Elena Giachino, Naoki Kobayashi, and Cosimo Laneve. Deadlock analysis of unbounded process networks. In CONCUR, pages 63–77, 2014. [GN16] Daniele Gorla and Uwe Nestmann. Full abstraction for expressiveness: history, myths and facts. Math. Struct. Comput. Sci., 26(4):639–654, 2016. [Gor10] Daniele Gorla. Towards a unified approach to encodability and separation results for process calculi. Inf. Comput., 208(9):1031–1053, 2010. [GR13] Marco Giunti and Antonio´ Ravara. Towards static deadlock resolution in the -calculus. In TGC, pages 136–155, 2013. [Hon93] Kohei Honda. Types for dyadic interaction. In the 4th International Conference on Concurrency eory, CONCUR, volume 715 of LNCS, pages 509–523. Springer, 1993. [HVK98] Kohei Honda, Vasco udichum Vasconcelos, and Makoto Kubo. Language primitives and type discipline for structured communication-based programming. In ESOP’98, volume 1381 of LNCS, pages 122–138. Springer, 1998. [IK04] AtsushiIgarashiandNaokiKobayashi. Agenerictypesystem for the pi-calculus. eor. Comput. Sci., 311(1-3):121–163, 2004.

39 [KD21a] Wen Kokke and Ornela Dardha. Deadlock-free session types in linear haskell. In Jurriaan Hage, editor, Haskell 2021: Proceedings of the 14th ACM SIGPLAN International Symposium on Haskell, Virtual Event, Korea, August 26-27, 2021, pages 1–13. ACM, 2021. [KD21b] Wen Kokke and Ornela Dardha. Prioritise the best variation. In Kirstin Peters and Tim A. C. Willemse, editors, Formal Techniques for Distributed Objects, Components, and Systems - 41st IFIP WG 6.1 International Conference, FORTE 2021, Held as Part of the 16th International Federated Conference on Distributed Computing Techniques, DisCoTec 2021, Vallea, Malta, June 14-18, 2021, Proceedings, volume 12719 of Lecture Notes in Computer Science, pages 100–119. Springer, 2021. [KL17] Naoki Kobayashi and Cosimo Laneve. Deadlock analysis of unbounded process networks. Inf. Comput., 252:48–70, 2017. [KMP19] Wen Kokke, Fabrizio Montesi, and Marco Peressoi. Beer late than never: a fully-abstract semantics for classical processes. Proc. ACM Program. Lang., 3(POPL):24:1–24:29, 2019. [Kob97] Naoki Kobayashi. A partially deadlock-freetyped process calculus. In Proceedings, 12th Annual IEEE Symposium on Logic in Computer Science, Warsaw, Poland, June 29 - July 2, 1997, pages 128–139. IEEE Computer Society, 1997.

[Kob02] Naoki Kobayashi. A type system for lock-free processes. Inf. Comput., 177(2):122–159, 2002. [Kob06] Naoki Kobayashi. A new type system for deadlock-free processes. In CONCUR 2006, volume 4137 of LNCS, pages 233–247. Springer, 2006. Full version available at http://www-kb.is.s.u-tokyo.ac.jp/koba/papers/concur2006-full.pdf. [Kob07] Naoki Kobayashi. Type systems for concurrent programs. Extended version of [?], Tohoku University. www.kb.ecei.tohoku.ac.jp/koba/papers/tutorial-type-extended.pdf, 2007. [KPT96] Naoki Kobayashi, Benjamin C. Pierce, and David N. Turner. Linearity and the pi-calculus. In POPL, pages 358–371, 1996. [KPT99] Naoki Kobayashi, Benjamin C. Pierce, and David N. Turner. Linearity and the pi-calculus. ACM Trans. Program. Lang. Syst., 21(5):914–947, 1999. [KS10] Naoki Kobayashi and Davide Sangiorgi. A hybrid type system for lock-freedom of mobile processes. ACM Trans. Program. Lang. Syst., 32(5), 2010. [LM16] Sam Lindley and J. Garre Morris. Talking bananas: structural recursion for session types. In Jacques Garrigue, Gabriele Keller, and Eijiro Sumii, editors, Proceedings of the 21st ACM SIG- PLAN International Conference on Functional Programming, ICFP 2016, Nara, Japan, September 18-22, 2016, pages 434–447. ACM, 2016. [Mil91] Robin Milner. e Polyadic pi-Calculus: A Tutorial. Technical report, Logic and Algebra of Speciﬁcation, 1991. [MPW92] Robin Milner, Joachim Parrow, and David Walker. A calculus of mobile processes, I. Inf. Com- put., 100(1):1–40, 1992.

40 [Pad13] Luca Padovani. From lock freedom to progress using session types. In Proceedings of PLACES 2013, Rome, Italy, 23rd March 2013., volume 137 of EPTCS, pages 3–19, 2013. [Pad14] Luca Padovani. Deadlock and Lock Freedom in the Linear π-Calculus. In CSL-LICS, pages 72:1–72:10. ACM, 2014. [Par08] Joachim Parrow. Expressiveness of process algebras. Electron. Notes eor. Comput. Sci., 209:173–186, 2008. [Par16] Joachim Parrow. General conditions for full abstraction. Math. Struct. Comput. Sci., 26(4):655– 657, 2016. [PCPT14] JorgeA. Perez,´ Lu´ıs Caires, Frank Pfenning, and Bernardo Toninho. Linear logical relations and observational equivalences for session-based concurrency. Inf. Comput., 239:254–302, 2014. [Pie02] Benjamin C. Pierce. Types and programming languages. MIT Press, MA, USA, 2002. [QKB21] Zesen Qian, G.A. Kavvos, and Lars Birkedal. Client-server sessions in linear logic. Proc. ACM Program. Lang., (ICFP), 2021. [San02] Davide Sangiorgi. Types, or: Where’s the diﬀerence between CCS and pi? In Lubos Brim, Petr Jancar, Mojm´ır Kret´ınsky,´ and Anton´ın Kucera, editors, CONCUR 2002 - Concurrency eory, 13th International Conference, Brno, Czech Republic, August 20-23, 2002, Proceedings, volume 2421 of Lecture Notes in Computer Science, pages 76–97. Springer, 2002. [SW01] Davide Sangiorgi and David Walker. e π-calculus: a eory of Mobile Processes. Cambridge University Press, 2001. [TCP14] Bernardo Toninho, Lu´ıs Caires, and Frank Pfenning. Corecursion and non-divergence in session-typed processes. In TGC 2014, volume 8902 of LNCS, pages 159–175. Springer, 2014. [THK94] Kaku Takeuchi, Kohei Honda, and Makoto Kubo. An interaction-based language and its typing system. In PARLE’94, pages 398–413, 1994. [Vas12] Vasco T. Vasconcelos. Fundamentals of session types. Inf. Comput., 217:52–70, 2012. [vdHP20] BasvandenHeuvelandJorgeA.Perez.´ Session type systems based on linear logic: Classical ver- sus intuitionistic. In Stephanie Balzer and Luca Padovani, editors, Proceedings of the 12th Inter- national Workshop on Programming Language Approaches to Concurrency- and Communication- cEntric Soware, PLACES@ETAPS 2020, Dublin, Ireland, 26th April 2020, volume 314 of EPTCS, pages 1–11, 2020. [vdHP21] Bas van den Heuvel and Jorge A. Perez.´ Deadlock freedom for asynchronous and cyclic process networks. In Julien Lange, Anastasia Mavridou, Larisa Saﬁna, and Alceste Scalas, editors, Proceedings 14th Interaction and Concurrency Experience, ICE 2021, EPTCS, 2021. [VV13] Hugo Torres Vieira and Vasco udichum Vasconcelos. Typing progress in communication- centred systems. In COORDINATION, volume 7890 of LNCS, pages 236–250. Springer, 2013. [Wad12] Philip Wadler. Propositions as sessions. In ICFP’12, pages 273–286, 2012. [Yos96] Nobuko Yoshida. Graph types for monadic mobile processes. In FSTTCS’96, volume 1180 of LNCS, pages 371–386. Springer, 1996.

41 A Omitted Proofs for§4 A.1 Proof of eorem 4.1 (Page 24) We divide the proof into the following two lemmas: Lemma A.2 (see below) and Lemma A.3 (Page 46).

Lemma A.1 (Substitution Lemma for CP). If P ⊢LL Γ, x : T and v∈ / fn(P ), then P [v/x] ⊢LL Γ, v : T . Lemma A.2. If P ∈ L then P ∈ µK. Proof. By structural induction on P . By Deﬁnition 4.4 and Deﬁnition 4.5, we have that

L = P ∈ P : ∃Γ. (Γ ⊢ST P ∧ JP Kℓ ⊢LL JΓKℓ) P ↓ f µ f µK = P ∈ : ∃Γ, f. (Γ ⊢ST P ∧ JΓ Ku ⊢≺ JP Ku ) where J·Kℓ is as in Deﬁnition 4.1. Following the syntax in Figure 2, there are seven cases to consider:

1. P = 0: By assumption we have both Γ ⊢ST 0, for some context Γ (with un(Γ)), and 0 ⊢LL ↓ x1:•, ··· , xn:•, for some x1,...,xn such that xi : end ∈ Γ, for all i ∈{1,...,n}. Because Γ = ∅, f µ 0 f we must show that J∅Ku ⊢≺ J Ku . By Deﬁnition 3.11 and Figure 7, this is the same as showing that µ 0 T -Nil ∅⊢≺ . e thesis then follows immediately from Rule ( π ) in Figure 11.

2. P = x(y).P ′: By assumption and Definition 3.11, Definition 4.1, and Definition 4.4, we have

′ Γ, x : ?T.S ⊢ST x(y).P (2) ′ x(y).JP Kℓ ⊢LL JΓKℓ, x : JT Kℓ O JSKℓ

for some context Γ and session types S,T . By inversion on typing judgement on (2):

′ Γ, x : S,y : T ⊢ST P (3) ′ Γ, x : ?T.S ⊢ST x(y).P

By Deﬁnition 3.11 and Deﬁnition 4.5 and by Figure 7, we then must show:

0 ↓ f µ ′ f,{x7→c} fx : chan(JT Ku, JSKu ; ?0);≺ JΓ Ku ⊢≺ fx(y,c).JP Ku

By induction hypothesis on the premise of (3) we have:

↓ f ′ ′ ′ µ ′ f ′ JΓ Ku ,fx : JSKu,fy : JT Ku ⊢≺ JP Ku (4)

for some renaming function f ′. We let f be such that f ′ = f, {x 7→ c}. We can then use f to rewrite the above judgement (4), as follows:

↓ f µ ′ f,{x7→c} JΓ Ku ,c : JSKu,y : JT Ku ⊢≺ JP Ku (5)

en, the thesis follows from (5) aer applying Rule (Tπ-In) in Figure 11.

42 3. P = xhyi.P ′: By assumption and Definition 3.11, Definition 4.1, and Definition 4.4, we have:

′ Γ, x :!T.S, y : T ⊢ST xhyi.P (6) ′ x(z).([z ↔y] | JP Kℓ) ⊢LL JΓKℓ, x : JT Kℓ ⊗ JSKℓ,y : JT Kℓ

for some context Γ and session types S,T . By inversion on typing judgement on (6) we have:

′ Γ, x : S ⊢ST P (7) ′ Γ, x :!T.S, y : T ⊢ST xhyi.P

By Deﬁnition 4.5 and Figure 7, we must show:

0 ↓ f µ ν ′ f,{x7→c} fx : chan(JT Ku, JSKu ;!0);≺ y : JT Ku | JΓ Ku ⊢≺ ( c)fxhy,ci.JP Ku By induction hypothesis on the premise of (7) we have:

↓ f ′ ′ µ ′ f ′ JΓ Ku ,fx : JSKu ⊢≺ JP Ku

for some renaming function f ′. We let f be such that f ′ = f, {x 7→ c}. We can then rewrite the above judgement in terms of f as follows:

↓ f µ ′ f,{x7→c} JΓ Ku ,c : JSKu ⊢≺ JP Ku (8)

By applying Rule (Tπ-Var) we can derive both

µ µ y : JT Ku ⊢≺ y : JT Ku (∗) and c : JSKu ⊢≺ c : JSKu (∗∗)

Let U1 = u(JSKu) and U2 = u(JSKu). Lemma 4.4 ensures rel(U1 | U2). We can then apply Rule (Tπ- BOut) in Figure 11 on (∗), (∗∗), and the induction hypothesis in (8):

µ ↓ f µ ′ f,{x7→c} y : JT Ku,c : JSKu ⊢ y : JT Ku,c : JSKu JΓ K ,c : JSKu ⊢ JP K rel(U1 | U2) ≺ u ≺ u (9) 0 ↓ f µ ν ′ f,{x7→c} fx : chan(JT Ku, JSKu ;!0);≺ y : JT Ku | JΓ Ku ⊢≺ ( c)fxhy,ci.JP Ku which concludes this case.

4. P = x⊲ {li : Pi}i∈I . en, by assumption and Definition 3.11, Definition 4.1, and Definition 4.4 we have:

Γ, x :&{li : Ti}i∈I ⊢ST x⊲ {li : Pi}i∈I (10)

x⊲ {li : Pi}i∈I ⊢LL JΓKℓ, x:&{li : JTiKℓ}i∈I

for some context Γ and session types Ti for i ∈ I. By inversion on the typing judgement given in (10) we have: Γ, x : Ti ⊢ST Pi ∀i ∈ I (11) Γ, x :&{li : Ti}i∈I ⊢ST x⊲ {li : Pi}i∈I By Deﬁnition 3.11 and Deﬁnition 4.5, and by Figure 7, we must show:

0 ↓ f µ case of f,{x7→c} fx : chan(hli : JTiKuii∈I ; ?0);≺ JΓ Ku ⊢≺ fx(y). y {li c⊲ JPiKu }i∈I

43 By induction hypothesis on the premise of (11) we have:

↓ f ′ ′ µ f ′ JΓ Ku ,fx : JTiKu ⊢≺ JPiKu ∀i ∈ I

for some renaming function f ′. We let f be such that f ′ = f, {x 7→ c}. We can then rewrite the above judgement as follows:

↓ f µ f,{x7→c} JΓ Ku ,c : JTiKu ⊢≺ JPiKu ∀i ∈ I

T -Var µ By applying Rule ( π ), we obtain y : hli : JTiKuii∈I ⊢≺ y : hli : JTiKuii∈I . en we apply in order Rules (Tπ-Case) and (Tπ-Inp) (cf. Figure 11) on the judgement above to conclude:

0 ↓ f µ case of f,{x7→c} fx : chan(hli : JTiKuii∈I ; ?0);≺ JΓ Ku ⊢≺ fx(y). y {li c⊲ JPiKu }i∈I

5. P = x⊳lj .Pj . en, by assumption and Definition 3.11, Definition 4.1, and Definition 4.4, we have:

Γ, x : ⊕{li : Ti}i∈I ⊢ST x⊳lj .Pj (12)

x⊳lj .JPj Kℓ ⊢LL JΓKℓ, x: ⊕{li : JTiKℓ}i∈I

for some context Γ and session types Ti, for i ∈ I. By inversion on typing judgement on (12) we have: Γ, x : Tj ⊢ST Pj ∃j ∈ I (13) Γ, x : ⊕{li : Ti}i∈I ⊢ST x⊳lj .Pj By Deﬁnition 4.5 and Figure 7, we must show:

0 ↓ f µ ν f,{x7→c} fx : chan(hli : JTiKuii∈I ;!0);≺ JΓ Ku ⊢≺ ( c)fxhlj ci.JPj Ku

By induction hypothesis on the premise of (13) we have:

↓ f ′ ′ µ f ′ JΓ Ku ,fx : JTj Ku ⊢≺ JPj Ku

for some renaming function f ′. We let f be such that f ′ = f, {x 7→ c}. We can then rewrite the above judgement as follows: ↓ f µ f,{x7→c} JΓ Ku ,c : JTj Ku ⊢≺ JPj Ku (14)

By applying Rules (Tπ-Var) and (Tπ-LVal) we obtain:

µ c : JTjKu ⊢≺ lj c : hli : JTiKuii∈I (15)

Let U1 = u(JTj Ku) and U2 = u(JTj Ku) Lemma 4.4 ensures rel(U1 | U2). We can then apply Rule (Tπ- BOut) (cf. Figure 11), without a free channel (only a bound one), on (14) and (15). We have:

µ ↓ f µ f,{x7→c} c : JTj Ku ⊢≺ lj c : hli : JTiKuii∈I JΓ Ku ,c : JTj Ku ⊢≺ JPj Ku rel(U1 | U2) 0 ↓ f µ ν f,{x7→c} fx : chan(hli : JTiKuii∈I ;!0);≺ JΓ Ku ⊢≺ ( c)fxhlj ci.JPj Ku which concludes this case.

44 ′ 6. P = (νxy)P : en, by assumption and Deﬁnition 3.11, 4.1, and 4.4, we have that there exist P1, P2 ′ such that P = P1 | P2 with

Γ ⊢ST (νxy)(P1 | P2) (16) w w (νw)(JP1Kℓ[ /x] | JP2Kℓ[ /y]) ⊢LL JΓKℓ for some context Γ. By inversion on the typing judgements given in (16) we have the following derivation, for some session type T :

Γ1, x : T ⊢ST P1 Γ2,y : T ⊢ST P2

Γ, x : T,y : T ⊢ST P1 | P2 (17)

Γ ⊢ST (νxy)(P1 | P2)

where Γ=Γ1, Γ2. Because P ∈ L, we have that Γ1 and Γ2 are disjoint and that channel endpoints x and y (or the single name w in L) form the only shared channel between processes P1 and P2. By Deﬁnition 4.5 and Figure 7, we must show: ↓ f µ ν f,{x7→w} f,{y7→w} JΓ Ku ⊢≺ ( w)(JP1Ku | JP2Ku ) By induction hypothesis on the premises of (17), we have:

↓ f ′ ′ µ f ′ ↓ f ′ ′ µ f ′ JΓ1Ku ,fx : JT Ku ⊢≺1 JP1Ku and JΓ2Ku ,fy : JT Ku ⊢≺2 JP2Ku ′ ′ ′ for some renaming function f . We let f be such that f = f, {x, y 7→ w}, hence we have fx = ′ fy = w. We can now rewrite the above judgements in terms of f as follows:

↓ f µ f,{x7→w} ↓ f µ f,{y7→w} JΓ1Ku , w : JT Ku ⊢≺1 JP1Ku and JΓ2Ku , w : JT Ku ⊢≺2 JP2Ku

Let U1 = u(JT Ku) and U2 = u(JT Ku). By Lemma 4.4, rel(U1 | U2). Combining these facts, we can apply Rule (Tπ-Par+Res) in Figure 11:

↓ f µ f,{x7→w} ↓ f µ f,{y7→w} JΓ1Ku , w : JT Ku ⊢≺1 JP1Ku JΓ2Ku , w : JT Ku ⊢≺2 JP2Ku rel(U1 | U2) ↓ f ↓ f µ ν f,{x7→w} f,{y7→w} JΓ1Ku , JΓ2Ku ⊢≺ ( w)(JP1Ku | JP2Ku )

with ≺i=≺ ∪{(w,y) | y ∈ fn(Pi) \{w}} (i ∈{1, 2}. is completes the proof for this case.

7. P = P1 | P2: is case is similar to the previous one. By assumption we have

Γ ⊢ST P1 | P2 (18)

JP1Kℓ | JP2Kℓ ⊢LL JΓKℓ and inversion on typing on (18) we infer:

Γ1 ⊢ST P1 Γ2 ⊢ST P2 (19) Γ1, Γ2 ⊢ST P1 | P2

where Γ=Γ1, Γ2. As before, because P ∈ L, we have that Γ1 and Γ2 are disjoint: they share no endpoints. By Deﬁnition 4.5 and Figure 7, we must show: ↓ f µ f f JΓ Ku ⊢≺ JP1Ku | JP2Ku

which follows by induction hypothesis on the premises of (19) and by applying Rule (Tπ-IndPar) (cf. Figure 11).

45 Lemma A.3. If P ∈ µK then P ∈ L. Proof. By structural induction on P . Recall that by Deﬁnition 4.5 and Deﬁnition 4.4, we have that

P ↓ f µ f µK , P ∈ : ∃Γ, f. (Γ ⊢ST P ∧ JΓ Ku ⊢≺ JP Ku ) n o L , P ∈ P : ∃Γ. (Γ ⊢ST P ∧ JP Kℓ ⊢LL JΓKℓ)

Following the syntax of processes in Figure 2, there are seven cases to consider: 0 0 ↓ f µ 0 f 1. P = : By assumption we have both Γ ⊢ST , for some Γ (with un(Γ)), and JΓ Ku ⊢≺ J Ku . Notice ↓ that Γ = ∅. We have to show 0 ⊢LL x1:•, ··· , xn:•, for some x1,...,xn such that xi : end ∈ Γ, for all i ∈ {1,...,n}. e thesis follows by using Axiom (T-1), followed by n − 1 applications of Rule (T-⊥) in Figure 5.

2. P = x(y).P ′: en, by assumption, Figure 7 and Deﬁnition 4.5, we have both

′ Γ, x : ?T.S ⊢ST x(y).P (20) ↓ f 0 µ ′ f,{x7→c} JΓ Ku ,fx : chan(JT Ku, JSKu ; ?0) ⊢≺ fx(y,c).JP Ku

for some context Γ, session types S,T , and renaming function f. By inversion on typing judgement on (20) we have: ′ Γ, x : S,y : T ⊢ST P (21) ′ Γ, x : ?T.S ⊢ST x(y).P By Deﬁnition 4.1 and Figure 10, we must show:

′ x(y).JP Kℓ ⊢LL JΓKℓ, x : JT Kℓ O JSKℓ

By induction hypothesis on the premise of (21) we have:

′ JP Kℓ ⊢LL JΓKℓ, x : JSKℓ,y : JT Kℓ (22)

and the thesis follows easily from (22) using Rule (T-O) (cf. Figure 5).

3. P = xhyi.P ′: en, by assumption, Figure 7 and Deﬁnition 4.5, we have both

′ Γ, x :!T.S, y : T ⊢ST xhyi.P (23) ↓ f 0 µ ν ′ f,{x7→c} JΓ Ku ,fx : chan(JT Ku, JSKu ;!κ) ⊢≺ ( c)fxhy,ci.JP Ku

for some typing context Γ, session types S,T and renaming function f. By inversion on typing judgement on (27) we have: ′ Γ, x : S ⊢ST P (24) ′ Γ, x :!T.S, y : T ⊢ST xhyi.P By Deﬁnition 4.1 and Figure 10, we must show:

′ x(z).([z ↔y] | JP Kℓ) ⊢LL JΓKℓ, x : JT Kℓ ⊗ JSKℓ,y : JT Kℓ

46 By induction hypothesis on the premise of (24) we have:

′ JP Kℓ ⊢LL JΓKℓ, x : JSKℓ

and then we can conclude using Rule (T-⊗) in Figure 5:

′ JP Kℓ ⊢LL JΓKℓ, x : JSKℓ [y ↔z] ⊢LL y : JT Kℓ,z : JT Kℓ ′ x(z).([z ↔y] | JP Kℓ) ⊢LL JΓKℓ, x : JT Kℓ ⊗ JSKℓ,y : JT Kℓ

where [y ↔z] ⊢LL y : JT Kℓ,z : JT Kℓ follows from Rule (T-id).

′ 4. P = x⊳lj .P : en, by assumption, Figure 7, and Deﬁnition 4.5, we have both

′ Γ, x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P (25) ↓ f 0 µ ν ′ f,{x7→c} JΓ Ku ,fx : chan(hli : JSiKuii∈I ;!κ) ⊢≺ ( c)fxhlj ci.JP Ku

for some typing context Γ, session types Si for i ∈ I, and renaming function f. By inversion on typing judgement on (25) we have:

′ Γ, x : Sj ⊢ST P ∃j ∈ I ′ (26) Γ, x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P

By Deﬁnition 4.1 and Figure 10, we must show:

′ x⊳lj .JP Kℓ ⊢LL JΓKℓ, x: ⊕{li : JSiKℓ}i∈I

By induction hypothesis on the premise of (26) we have:

′ JP Kℓ ⊢LL JΓKℓ, x : JSj Kℓ

and then we can conclude by using Rule (T-⊕) in Figure 5:

′ JP Kℓ ⊢LL JΓKℓ, x : JSj Kℓ j ∈ I ′ x⊳lj .JP Kℓ ⊢LL JΓKℓ, x: ⊕{li : JSiKℓ}i∈I

′ 5. P = x⊲ {li : Pi }i∈I : Similar to the previous case.

6. P = (νxy)P ′: en, by assumption, Figure 7, and Deﬁnition 4.5 we have:

′ Γ ⊢ST (νxy)P (27) ↓ f µ ν ′ f,{x,y7→w} JΓ Ku ⊢≺ ( w)JP Ku (28) for some context Γ. By Deﬁnition 4.1 and Figure 10, we must show:

w w (νw)(JP1Kℓ[ /x] | JP2Kℓ[ /y]) ⊢LL JΓ1Kℓ, JΓ2Kℓ

for some Γ=Γ1, Γ2. By inversion on (28), using Rule (Tπ-Par+Res) in Figure 11, we can infer the following:

47 • Let w : chan(T ; U), then rel(U).

• Since rel(U), then it must be the case that U = U1 | U2, which in turn implies that ′ f,{x,y7→w}e ′ f,{x7→w} ′ f,{y7→w} ′ ′ JP Ku = JP1Ku | JP2Ku , for some P1, P2. ′ f,{x7→w} ′ f,{y7→w} • Processes JP1Ku and JP2Ku share exactly one channel, namely w. By inversion on the encoding and renaming function f, and on the typing judgement on (27) we have: Γ1, x : S ⊢ST P1 Γ2,y : S ⊢ST P2

Γ1, x : S, Γ2,y : S ⊢ST P1 | P2 (29)

Γ1, Γ2 ⊢ST (νxy)(P1 | P2)

for some session type S and Γ=Γ1, Γ2. By applying the induction hypothesis on the premises of (29), we have both

JP1Kℓ ⊢LL JΓ1Kℓ, x : JSKℓ and JP2Kℓ ⊢LL JΓ2Kℓ,y : JSKℓ

By Lemma A.1 we obtain:

w w JP1Kℓ[ /x] ⊢LL JΓ1Kℓ, w : JSKℓ and JP2Kℓ[ /y] ⊢LL JΓ2Kℓ, w : JSKℓ

We then conclude by using Lemma 4.3 and Rule (Tcut) (cf. Figure 5):

w w JP1Kℓ[ /x] ⊢LL JΓ1Kℓ, w : JSKℓ JP2Kℓ[ /y] ⊢LL JΓ2Kℓ, w : JSKℓ w w (νw)(JP1Kℓ[ /x] | JP2Kℓ[ /y]) ⊢LL JΓ1Kℓ, JΓ2Kℓ

7. P = P1 | P2: similar to the previous case, noticing that since there is no restriction to bind two endpoints together, membership of P in µK relies on Rule (Tπ-InDPar) in Figure 11 rather than on Rule (Tπ-Par+Res) (as in the previous case). en, we use Rule (T-mix) (rather than Rule (Tcut)) to type the composition of P1 and P2 (cf. Figure 5).

B Omitted Proofsfor §5 B.1 Proof of Lemma 5.1 We repeat the statement in Page 25: Lemma 5.1. Let T be a session type and Γ be a session context.

x 1. For all P ∈ h|T |i , we have P ⊢LL x : JT Kℓ.

2. For all P ∈ h|Γ|i, we have P ⊢LL JΓKℓ. Proof. We consider both parts separately.

Part 1. e proof proceeds by induction on the structure of T . us, there are ﬁve cases to consider:

P1 ⊢LL y : JT Kℓ P2 ⊢LL x : JSKℓ

Now, by applying Rules (T-mix) and (T-O) (cf. Figure 5) we have

P1 ⊢LL y : JT Kℓ P2 ⊢LL x : JSKℓ

P1 | P2 ⊢LL y : JT Kℓ, x : JSKℓ

x(y).(P1 | P2) ⊢LL x:JT Kℓ O JSKℓ

By encoding of types in Figure 10, we have J?T.SKℓ = JT Kℓ O JSKℓ, which concludes this case.

P1 ⊢LL y : JT Kℓ P2 ⊢LL x : JSKℓ

Now, by applying Rule (T-⊗) (cf. Figure 5) we have

P ⊢LL y : JT Kℓ Q ⊢LL x : JSKℓ

x(y).(P | Q) ⊢LL x : JT Kℓ ⊗ JSKℓ

By encoding of types in Figure 10, we have J!T.SKℓ = JT Kℓ ⊗ JSKℓ which concludes this case.

x 4. Case T =&{li : Si}i∈I . en, by Deﬁnition 5.1, P is of the form x⊲ {li : Pi}i∈I , with Pi ∈ h|Si|i , for all i ∈ I. By induction hypothesis on those Si, we obtain Pi ⊢LL x : JSiKℓ, for all i ∈ I. en, by Rule (T&) (cf. Figure 5) we have:

Pi ⊢LL x : JSiKℓ ∀i ∈ I

x⊲ {li : Pi}i∈I ⊢LL x :&{li : JSiKℓ}i∈I

By encoding of types in Figure 10, J&{li : Si}i∈I Kℓ =&{li : JSiKℓ}i∈I , which concludes this case.

x 5. Case T = ⊕{li : Si}i∈I . en, by Deﬁnition 5.1, P is of the form x⊳lj .Pj , with Pj ∈ h|Sj |i and j ∈ I. By induction hypothesis on Sj , we obtain Pj ⊢LL x : JSj Kℓ. en, by Rule (T⊕) (cf. Figure 5) we have Pj ⊢LL x : JSj Kℓ

x⊳lj.Pj ⊢LL x: ⊕{li : JSiKℓ}i∈I

By encoding of types in Figure 10, we have J⊕{li : Si}i∈I Kℓ = ⊕{li : JSiKℓ}i∈I , which concludes this case.

49 Part 2. Given Γ = w1 : T1,...,wn : Tn, the proof is by induction on n, the size of Γ. e base case w1 is when n = 1: then, by Part 1, h|Γ|i = h|T1|i , and the thesis follows immediately. e inductive step ′ (n > 1) proceeds by using the inductive hypothesis and Rule (T-mix). Let Γ=Γ , wn : Tn. en, by ′ ′ ′ inductive hypothesis, Pi ∈ h|Γ |i implies Pi ⊢LL JΓ Kℓ. Recall that JΓ Kℓ = w1:JT1Kℓ,...,wn−1:JTn−1Kℓ ′ wn ′ by Deﬁnition 4.2. Also, by Part 1, P ∈ h|Tn|i implies P ⊢LL wn : JTnKℓ. Since by Deﬁnition 5.2, ′ ′ Pi | P ∈ h|Γ|i, the thesis follows by composing Pi and P using Rule (T-mix):

′ Pi ⊢LL w1 : JT1Kℓ, ··· , wn−1 : JTn−1Kℓ P ⊢LL wn : JTnKℓ ′ Pi | P ⊢LL w1 : JT1Kℓ, ··· , wn : JTnKℓ is concludes the proof.

B.2 Proof of eorem 5.1 We repeat the statement in Page 29:

eorem 5.1. (L·M is Type Preserving) Let Γ ⊢ST P . en, forall Q ∈ LΓ ⊢ST P M, we have that Q ⊢LL JΓKℓ.

Proof. e proof proceeds by cases on the judgement Γ ⊢ST P used in the translation given in Deﬁnition 5.4, and by inversion on the last typing rule applied (given in Figure 3). ere are seven cases to consider:

1. Γ ⊢ST 0. en, by inversion the last rule applied is (T-Nil), with un(Γ). By Deﬁnition 5.4 we have LΓ ⊢ST 0M = {0}. By applying Rule (T-1) (cf. Figure 5) we have:

(T-1) 0 ⊢LL x : •

e thesis follows immediately by the encoding of types J·Kℓ in Figure 10 and Deﬁnition 4.2, which ensure that Jx : endKℓ = x : JendKℓ = x : •.

2. Γ′, x :!T.S, v : T ⊢ST xhvi.P ′, where Γ=Γ′, x :!T.S, v : T and P = xhvi.P ′. By inversion the last rule applied is (T-Out): ′ ′ Γ , x : S ⊢ST P T-Out ′ ′ ( ) Γ , x :!T.S, v : T ⊢ST xhvi.P By Deﬁnition 5.4,

′ ′ ′ ′ LΓ , x :!T.S, v : T ⊢ST xhvi.P M = {x(z). [v ↔z] | Q : Q ∈ LΓ , x : S ⊢ST P M}

By Rule (T-id) and by Lemma 4.3 we have:

(T-id) [v ↔z] ⊢LL v : JT Kℓ,z : JT Kℓ (30)

′ ′ ′ ′ By induction hypothesis, for all Q ∈ LΓ , x : S ⊢ST P M we have that Q ⊢LL JΓ Kℓ, x : JSKℓ. Let Q ′ be a process in this set. By applying Rule (T-⊗) on Q and on (30) we have

′ ′ [v ↔z] ⊢LL v : JT Kℓ,z : JT Kℓ Q ⊢LL JΓ Kℓ, x : JSKℓ T-⊗ ′ ′ ( ) x(z). [v ↔z] | Q ⊢LL JΓ Kℓ, x : JT Kℓ ⊗ JSKℓ, v : JT Kℓ

By encoding of types J·Kℓ in Figure 10 we have J!T.SKℓ = JT Kℓ ⊗ JSKℓ, and by Deﬁnition 4.2, we ′ ′ have JΓ , x :!T.S, v : T Kℓ = JΓ Kℓ, x : JT Kℓ ⊗ JSKℓ, v : JT Kℓ, which concludes this case.

50 3. Γ1, Γ2, x :!T.S ⊢ST (νzy)xhyi.(P1 | P2), where Γ=Γ1, Γ2, x :!T.S. By inversion, this judgement is derived by a sequence of applications of rules, the last rule applied is (T-Res), and before that (T-Out) and (T-Par) as follows:

Γ1,z : T ⊢ST P1 Γ2, x : S ⊢ST P2 (T-Par) Γ1,z : T, Γ2, x : S ⊢ST P1 | P2 (T-Out) Γ1, Γ2, x :!T.S, y : T,z : T ⊢ST xhyi.(P1 | P2) (T-Res) Γ1, Γ2, x :!T.S ⊢ST (νzy)xhyi.(P1 | P2)

By Deﬁnition 5.4, we have

LΓ1, Γ2, x :!T.S ⊢ST (νzy)xhyi.(P1 | P2)M =

x(z).(Q1 | Q2): Q1 ∈ LΓ1,z : T ⊢ST P1M ∧ Q2 ∈ LΓ2, x : S ⊢ST P2M

By induction hypothesis, for all processes

Q1 ∈ LΓ1,z : T ⊢ST P1M we have Q1 ⊢LL JΓ1Kℓ,z : JT Kℓ

and Q2 ∈ LΓ2, x : S ⊢ST P2M we have Q2 ⊢LL JΓ2Kℓ, x : JSKℓ

′ ′ T- ′ Let Q1 and Q2 be processes in the ﬁrst and second set, respectively. By applying Rule ( ⊗) on Q1 ′ and Q2 we have: ′ ′ Q1 ⊢LL JΓ1Kℓ,z : JT Kℓ Q2 ⊢LL JΓ2Kℓ, x : JSKℓ T-⊗ ′ ′ ( ) x(z). Q1 | Q2 ⊢LL JΓ1Kℓ, JΓ2Kℓ, x : JT Kℓ ⊗ JSKℓ

By the encoding of types J·Kℓ in Figure 10 we have J!T.SKℓ = JT Kℓ ⊗ JSKℓ, and by Deﬁnition 4.2, we have JΓ1, Γ2, x :!T.SKℓ = JΓ1Kℓ, JΓ2Kℓ, x : JT Kℓ ⊗ JSKℓ, which concludes this case.

4. Γ′, x : ?T.S ⊢ST x(y : T ).P ′, where Γ=Γ′, x : ?T.S. By inversion, the last typing rule applied is (T-In): ′ ′ Γ , x : S,y : T ⊢ST P T-In ′ ′ ( ) Γ , x : ?T.S ⊢ST x(y : T ).P By Deﬁnition 5.4 we have

′ ′ ′ ′ LΓ , x : ?T.S ⊢ST x(y : T ).P M = {x(y).Q : Q ∈ LΓ , x : S,y : T ⊢ST P M}

′ ′ ′ By induction hypothesis, Q ∈ LΓ , x : S,y : T ⊢ST P M implies Q ⊢LL JΓ Kℓ, x : JSKℓ,y : JT Kℓ. Let Q′ be a process in this set. By applying Rule (T-O) on Q′:

′ ′ Q ⊢LL JΓ Kℓ, x : JSKℓ,y : JT Kℓ T-O ′ ′ ( ) x(y).Q ⊢LL JΓ Kℓ, x : JT Kℓ O JSKℓ

where by the encoding of types J·Kℓ in Figure 10 we have J?T.SKℓ = JT Kℓ O JSKℓ, and by Deﬁni- ′ ′ tion 4.2, we have JΓ , x : ?T.SKℓ = JΓ Kℓ, x : JT Kℓ O JSKℓ, which concludes this case.

51 ′ ′ ′ 5. Γ , x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P , where Γ=Γ , x : ⊕{li : Si}i∈I . By inversion, the last typing rule applied is (T-Sel): ′ ′ Γ , x : Sj ⊢ST P j ∈ I T-Sel ′ ′ ( ) Γ , x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P By Deﬁnition 5.4 we have

′ ′ ′ ′ LΓ , x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P M = {x⊳lj .Q : Q ∈ LΓ , x : Sj ⊢ST P M}

′ ′ ′ ′ By induction hypothesis, for all Q ∈ LΓ , x : Sj ⊢ST P M we have Q ⊢LL JΓ Kℓ, x : JSj Kℓ. Let Q be a ′ process in this set. By applying Rule (T-⊕) on Q we have:

′ ′ Q ⊢LL JΓ Kℓ, x : JSj Kℓ j ∈ I T- ′ ′ ( ⊕) x⊳lj .Q ⊢LL JΓ Kℓ, x : ⊕{li : JSiKℓ}i∈I

By the encoding of types J·Kℓ in Figure 10, and Deﬁnition 4.2, we have

′ ′ JΓ , x : ⊕{li : Si}i∈I Kℓ = JΓ Kℓ, x : ⊕{li : JSiKℓ}i∈I

which concludes this case.

′ ′ 6. Γ , x :&{li : Si}i∈I ⊢ST x⊲ {li : Pi}i∈I , where Γ=Γ , x :&{li : Si}i∈I . By inversion, the last typing rule applied is (T-Bra):

′ Γ , x : Si ⊢ST Pi ∀i ∈ I T-Bra ′ ( ) Γ , x :&{li : Si}i∈I ⊢ST x⊲ {li : Pi}i∈I

By Deﬁnition 5.4 we have that

′ ′ LΓ , x :&{li : Si}i∈I ⊢ST x⊲ {li : Pi}i∈I M = {x⊲ {li : Q}i∈I : Q ∈ LΓ , x : Si ⊢ST PiM}

′ ′ By induction hypothesis, Qi ∈ LΓ , x : Si ⊢ST PiM implies Qi ⊢LL JΓ Kℓ, x : JSiKℓ, for all i ∈ I. Let ′ T- ′ Qi be a process in the corresponding set, for all i ∈ I. By applying Rule ( &) on each of Qi we have:

′ ′ Qi ⊢LL JΓ Kℓ, x : JSiKℓ T- ′ ′ ( &) x⊲ {li : Qi}i∈I ⊢LL JΓ Kℓ, x :&{li : JSiKℓ}i∈I

By the encoding of types J·Kℓ in Figure 10 we have J&{li : Si}i∈I Kℓ = &{li : JSiKℓ}i∈I , and by ′ ′ Deﬁnition 4.2, we have JΓ , x :&{li : Si}i∈I Kℓ = JΓ Kℓ, x :&{li : JSiKℓ}i∈I , which concludes this case. ] ] ] 7. Γ1, [x : S], Γ2, [y : T ] ⊢ST (νxy : S)(P1 | P2), where by inversion we have Γ1, x : S ⊢ST P1 and ] Γ2, y : T ⊢ST P2, and the last typing rule applied is (T-Res), and before that Rule (T-Par) is used, as follows: ee e ] ] Γ1, x : S ⊢ST P1 (1) Γ2, y : T ⊢ST P2 (2) T-Par ] ] ( ) Γ1, Γ2, x : S, y : T ⊢ST P1 | P2 T-Res ] ] ( ) Γ1, [x : S], Γ2, [y : T ] ⊢ST (νxy : S)(P1 | P2)

ee e 52 Notice that since restriction is the only means of creating dual session channel endpoints (co- variables) and the only restricted names in P are xy, it then follows that Γ1 ∩ Γ2 = ∅. Hence, by the deﬁnition of the ‘,’ operator we have that Γ1, Γ2 =Γ1, Γ2. ] ] By Deﬁnition 5.4, we have that LΓ1, [x : S], Γ2, [y : Tf] ⊢ST (νxy : S)(P1 | P2)M is the following set of processes: f e ] ST C1[Q1] | G2 : C1 ∈C]x:T ,Q1 ∈ LΓ1, x : S ⊢ P1M, G2 ∈ h|Γ2|i (31) ] ST ∪ G1 | C2[Q2]: C2 ∈C]y:S,Q2 ∈ LΓ2, y : T ⊢ P2M, G1 ∈ h|Γ1|i (32) We start by inspecting the set of processes in (31). By induction hypothesis on the le-hand side premise of Rule (T-Par), marked (1), we have:

] ^ for all processes Q ∈ LΓ1, x : S ⊢ST P1M we have that Q ⊢LL JΓ1Kℓ, x : JSKℓ

′ ′ Let Q be an arbitrary process in this set. By Lemma 5.2 we have that C1[Q ] ⊢LL JΓ1Kℓ. By Lemma 5.1(b) since G2 ∈ h|Γ2|i, we have that G2 ⊢LL JΓ2Kℓ. Since Γ1 and Γ2 are disjoint, by Rule (T-mix) we have the following derivation, which concludes the inspection of(31):

′ C1[Q ] ⊢LL JΓ1Kℓ G2 ⊢LL JΓ2Kℓ T- ′ ( mix) C1[Q ] | G2 ⊢LL JΓ1Kℓ, JΓ2Kℓ

We inspect now the the set of processes in (32). By induction hypothesis on the right-hand side premise of Rule (T-Par), marked (2), we have:

] ^ for all processes R ∈ LΓ2, y : T ⊢ST RM we have that R ⊢LL JΓ2Kℓ, y : JT Kℓ

′ ′ Let R be an arbitrary process in this set. By Lemma 5.2, C2[R ] ⊢LL JΓ2Kℓ. By Lemma 5.1(b) since G1 ∈ h|Γ1|i, we have G1 ⊢LL JΓ1Kℓ. Since Γ1 and Γ2 are disjoint, by Rule (T-mix) we have the following derivation: ′ C2[R ] ⊢LL JΓ2Kℓ G1 ⊢LL JΓ1Kℓ T-mix ′ ( ) C2[R ] | G1 ⊢LL JΓ1Kℓ, JΓ2Kℓ We thus conclude that every process belonging to the set in (31)or (32) is typed under the typing context JΓ1Kℓ, JΓ2Kℓ, concluding this case (and the proof).

B.3 Proof of eorem 5.2 (Page 30) We repeat Deﬁnition 5.5 (cf. Page 30):

Deﬁnition B.1. Let P,Q be processes such that P,Q ⊢LL Γ. We write P + Q if and only if there exist P1, P2,Q1,Q2 and Γ1, Γ2 such that the following hold:

P = P1 | P2 Q = Q1 | Q2 P1,Q1 ⊢LL Γ1 P2,Q2 ⊢LL Γ2 Γ=Γ1, Γ2

53 Lemma B.1 (Substitution Lemma for Sessions [Vas12]). If Γ1 ⊢ST v : T and Γ2, x : T ⊢ST P and Γ = Γ1, Γ2, then Γ ⊢ST P [v/x].

Lemma B.2 (Substitution Lemma for L·M). If P ∈ LΓ, x : T ⊢ST QM and v∈ / fn(P,Q), then P [v/x] ∈ LΓ, v : T ⊢ST Q[v/x]M. Proof. Immediate from Deﬁnition 5.4 and Lemma B.1.

Proposition B.1 (Composing Characteristic Processes). Let Γ and T be a typing context and a type, respectively.

x • If P1 ∈ h|Γ|i and P2 ∈ h|T |i then P1 | P2 ∈ h|Γ, x : T |i.

eorem 5.2. (Operational Correspondence for L·M) Let P be such that Γ ⊢ST P for some typing context Γ. en, we have:

If P → P ′, then for all Q ∈ LΓ ⊢ST P M there exist Q′, R such that Q →֒→ Q′, Q′ + R, and .1 R ∈ LΓ ⊢ST P ′M.

,′ If Q ∈ LΓ ⊢ST P M, such that P ∈ K, and Q →֒→ Q′, then there exist P ′, R such that P → P .2 Q′ + R, and R ∈ LΓ ⊢ST P ′M. Proof. We consider both parts separately.

Part 1. e proof is by induction on the height of the derivation P → P ′ (cf. Figure 2). ere are two main cases to consider, which are reductions inferred using Rules(R-Com) and (R-Case); there are also cases corresponding to Rules (R-Par), (R-Res), and (R-Str), which are straightforward via the induction hypothesis. For convenience, below we annotate bound names with their types: this way, e.g., (νxy : S) means that x : S and y : S.

1. Case(R-Com): en we have:

′ ′′ ′ P , (νxy : S )(xhvi.P1 | y(t : T ).P2) → (νxy : S )(P1 | P2[v/t]) , P

Since Γ ⊢ST P , then by inversion we get S′ = !T.S for some session types S,T . en, S′′ = S. Again by inversion we have the following derivation:

Γ1, x : S ⊢ST P1 Γ2,y : S,t : T ⊢ST P2 (T-Out) (T-Inp) Γ1, v : T, x :!T.S ⊢ST xhvi.P1 Γ2,y : ?T.S ⊢ST y(t : T ).P2 (T-Par) Γ1, v : T, x :!T.S, Γ2,y : ?T.S ⊢ST xhvi.P1 | y(t : T ).P2 T-Res ′ ( ) (Γ1, v : T ), Γ2 ⊢ST (νxy : S )(xhvi.P1 | y(t : T ).P2)

54 By Deﬁnition 5.4, the translation of P is as follows:

LΓ ⊢ST P M =L(Γ1, v : T ), Γ2 ⊢ST (νxy :!T.S)(xhvi.P1 | y(t : T ).P2)M

= C1[Q1] | G2 : C1 ∈Cx:?T.S,Q1 ∈ LΓ1, x :!T.S, v : T ⊢ST xhvi.P1M, G2 ∈ h|Γ2|i

A1 |∪ {z } G1 | C2[Q2]: C2 ∈Cy:!T.S,Q2 ∈ LΓ2,y : ?T.S ⊢ST y(t : T ).P2M, G1 ∈ h|Γ1, v : T |i

A2 where: | {z } ν ∗ A1 = ( x) x(w). [v ↔w] | P1 | Px | G2 : ∗ x P1 ∈ LΓ1, x : S ⊢ST P1M, Px ∈ h|?T.S|i , G2 ∈ h|Γ2|i (33) ν ∗ A2 = G1 | ( y) y(t).P2 | Py : ∗ y P2 ∈ LΓ2,y : S,t : T ⊢ST P2M, Py ∈ h|!T.S|i , G1 ∈ h|Γ1, v : T |i (34)

Before spelling out the translation of P ′, we record some considerations. By eorem 5.1, the ′ translation preserves types: Q ∈ LΓ ⊢ST P M implies Q ⊢LL JΓKℓ. Since P → P , eorem 2.3 ′ ′ ensures Γ ⊢ST P . Again, by eorem 5.1, O ∈ LΓ ⊢ST P M implies O ⊢LL JΓKℓ. Also, since v Γ2,y : S,t : T ⊢ST P2, then by Lemma B.1 we have Γ2,y : S, v : T ⊢ST P2[ /t] and by well- ′ typedness v∈ / fn(P2). By Deﬁnition 5.4, the translation of P is as follows: ′ v LΓ ⊢ST P M = LΓ1, (Γ2, v : T ) ⊢ST (νxy : S)(P1 | P2[ /t])M

′ ′ ′ ′ = C1[Q1] | G2 : C1 ∈Cx:S,Q1 ∈ LΓ1, x : S ⊢ST P1M, G2 ∈ h|Γ2, v : T |i

B1 |∪ {z } ′ ′ ′ v ′ G1 | C2[Q2]: C2 ∈Cy:S,Q2 ∈ LΓ2,y : S, v : T ⊢ST P2[ /t]M, G1 ∈ h|Γ1|i

B2 where: | {z } ′ ν ′ B1 = G2 | ( x) Q1 | Px : ′ x ′ Px ∈ h|S|i ,Q1 ∈ LΓ1, x : S ⊢ST P1M, G2 ∈ h|Γ2, v : T |i (35) ′ ν ′ B2 = G1 | ( y) Q2 | Py : ′ y v ′ Py ∈ h|S|i ,Q2 ∈ LΓ2,y : S, v : T ⊢ST P2[ /t]M, G1 ∈ h|Γ1|i (36)

We now show that every process in LΓ ⊢ST P M reduces into a process in LΓ ⊢ST P ′M. We address two distinct sub-cases:

′ (i) We show that every Q ∈ A1 (cf. Equation (33)) reduces to a Q ∈ B1 (cf. Equation (35)); ′ ′′ (ii) We show that every Q ∈ A2 (cf. Equation (34)) reduces to a Q such that Q + R, with R ∈ B2 (cf. Equation (36)).

55 ν ∗ Sub-case (i). Let Q = G2 | ( x) x(w). [v ↔w] | P1 | Px be an arbitrary process in A1, with P ∈ h|?T.S|ix. By Deﬁnition 5.1: x x t x h|?T.S|i = x(t).(Qt | Qx): Qt ∈ h|T |i ∧ Qx ∈ h|S|i

ν ∗ Q = G2 | ( x) x(w). [v ↔w] | P1 | Px ν ∗ = G2 | ( x)x(w).[v ↔w] | P1 | x(t).(Qt | Qx) ν ν ∗ → G2 | ( x)( w) [v ↔w] | P1 | Qw | Qx ν ∗ ′ G2 | Qv | ( x) P 1 | Qx , Q →֒

Recall that ֒→ is structural congruence extended with a reduction by Rule (R-Fwd).) We shall show) ′ that Q ∈ B1. Let us consider/recall the provenance of its diﬀerent components:

(a) G2 ∈ h|Γ2|i v (b) Since Qv stands for Qt[w/t][v/w], we have Qv ∈ h|T |i . ∗ (c) P1 ∈ LΓ1, x : S ⊢ST P1M. x (d) Qx ∈ h|S|i By Proposition B.1, Items (a) and (b) above entail:

(e) G2 | Qv ∈ h|Γ2, v : T |i In turn, by considering Items (c), (d), and (e), together with Equation (35), it is immediate to see that ′ ′ ′ Q ∈ B1. erefore, Q ∈ LΓ ⊢ST P M, as desired.

′′ We shall show that Q + R, for some R ∈ B2. Let us consider/recall the provenance of its diﬀerent components:

(a) G1 ∈ h|Γ1, v : T |i ∗ k (b) By Lemma B.2, P2 [k/t] ∈ LΓ2,y : S, k : T ⊢ST P2[ /t]M. k (c) Qk ∈ h|T |i y (d) Qy ∈ h|S|i Furthermore, we can infer:

56 ∗ ∗ ∗ (e) From (a) and Proposition B.1, there must exist G1 and Gv such that G1 = G1 | Gv, G1 ∈ h|Γ1|i, v and Gv ∈ h|T |i . (f) By combining (b), (c) and (d), together with Proposition B.1, we have that ν ν ∗ ( y) ( k)(P2 [k/t] | Qk) | Qy ∈ h|Γ2|i. Given this, we can rewrite Q′′ as follows:

′′ ∗ ν ν ∗ Q = G1 | Gv | ( y) ( k)(P2 [k/t] | Qk) | Qy (37) We now consider an arbitrary R ∈ B2. By Equation (36), we have that

′ ν ′ R , G1 | ( y) Q2 | Py (38)

with

′ ′ (a ) G1 ∈ h|Γ1|i ′ v (b ) Q2 ∈ LΓ2,y : S, v : T ⊢ST P2[ /t]M ′ ′ y (c ) Py ∈ h|S|i

′ ′ ′ By Lemma 5.1 and (c ), we can infer: Py ⊢LL y : JSKℓ; and by eorem 5.1 and (b ), we can infer: Q2 ⊢LL JΓ2,y : S, v : T Kℓ. Finally, we have: ′ ν ′ (d ) ( y) Q2 | Py ⊢LL JΓ2Kℓ, Jv : T Kℓ We now compare Q′′ and R (as in Equation (37) and Equation (38), respectively). By Lemma 5.1 and ′′ (e) and (f) above, it is easy to see that Q , R ⊢LL JΓ1Kℓ, JΓ2Kℓ, Jv : T Kℓ. en, by Deﬁnition 5.5, we have that Q′′ + R. erefore, there is an R such that Q′′ + R, with R ∈ LΓ ⊢ST P ′M, as desired. is concludes the analysis for Case (R-Com).

2. Case(R-Case):

′ ′′ ′ P , (νxy : S )(x⊳lj.Q | y⊲ {li : Ri}i∈I ) → (νxy : S )(Q | Rj ) , P

′ Since Γ ⊢ST P , then by inversion S = ⊕{li : Si}i∈I for some Si, with i ∈ I. For simplicity, let us ′′ write Ti to denote the dual of any Si. As a result of the reduction, we have S = Sj for some j ∈ I. Again by inversion we have the following derivation:

(T-Sel) (T-Brch) Γ1, x : Sj ⊢ST Q ∃j ∈ I Γ2,y : Ti ⊢ST Ri ∀i ∈ I

Γ1, x : ⊕{li : Si}i∈I ⊢ST x⊳lj.Q Γ2,y :&{li : Ti}i∈I ⊢ST y⊲ {li : Ri}i∈I (T-Par) (Γ1, x : ⊕{li : Si}i∈I ), (Γ2,y :&{li : Ti}i∈I ) ⊢ST x⊳lj.Q | y⊲ {li : Ri}i∈I T-Res ′ ( ) Γ1, Γ2 ⊢ST (νxy : S )(x⊳lj .Q | y⊲ {li : Ri}i∈I )

57 By Deﬁnition 5.4 the translation of P is as follows:

′ LΓ ⊢ST P M = LΓ ⊢ST (νxy : S )(x⊳lj.Q | y⊲ {li : Ri}i∈I )M

= C1[Q1] | G2 : C1 ∈Cx:&{li:Ti}i∈I ,Q1 ∈ LΓ1, x : ⊕{li : Si}i∈I ⊢ST x⊳lj .QM, G2 ∈ h|Γ2|i

A1 |∪ {z }

G1 | C2[Q2]: C2 ∈Cy:⊕{li:Si}i∈I ,Q2 ∈ LΓ2,y :&{li : Ti}i∈I ⊢ST y⊲ {li : Ri}i∈I M, G1 ∈ h|Γ1|i

A2 where: | {z }

∗ A1 = G2 | (νx) x⊳lj.Q | Px : ∗ x Q ∈ LΓ1, x : Sj ⊢ST QM, Px ∈ h|&{li : Ti}i∈I |i , G2 ∈ h|Γ2|i (39) ν ∗ A2 = G1 | ( y) y⊲ {li : Ri }i∈I | Py : ∗ y Ri ∈ LΓ2,y : Ti ⊢ST RiM, Py ∈ h|⊕{li : Si}i∈I |i , G1 ∈ h|Γ1|i (40)

Before spelling out the translation of P ′, we record some considerations. By eorem 5.1, M ∈ ′ ′ LΓ ⊢ST P M implies M ⊢LL JΓKℓ. Since P → P , then by eorem 2.3 we have Γ ⊢ST P . Again, by ′ ′ eorem 5.1, O ∈ LΓ ⊢ST P M implies O ⊢LL JΓKℓ. By Deﬁnition 5.4 the encoding of P is as follows:

′ LΓ ⊢ST P M = LΓ ⊢ST (νxy : Sj )(Q | Rj )M

′ ′ ∗ ′ ∗ ′ = G2 | C1 Q : C1 ∈Cx:Tj ,Q ∈ LΓ1, x : Sj ⊢ST QM, G2 ∈ h|Γ2|i

B1 |∪ {z } ′ ′ ∗ ′ ∗ ′ {G1 | C2 Rj : C2 ∈Cy:Sj , Rj ∈ LΓ2,y : Tj ⊢ST Rj M, G1 ∈ h|Γ1|i}

B2 where: | {z }

′ ν ∗ ′ ∗ ′ x ′ B1 = G2 | ( x)(Q | Px): Q ∈ LΓ1, x : Sj ⊢ST QM, Px ∈ h|Tj |i , G2 ∈ h|Γ2|i (41) ′ ν ∗ ′ ∗ ′ y ′ B2 = {G1 | ( y)(Rj | Py): Rj ∈ LΓ2,y : Tj ⊢ST Rj M, Py ∈ h|Sj |i , G1 ∈ h|Γ1|i} (42)

We now show that every process in LΓ ⊢ST P M reduces into a process in LΓ ⊢ST P ′M. We address two distinct sub-cases:

′ (i) We show that every Q ∈ A1 (cf. Equation (39)) reduces to a Q ∈ B1 (cf. Equation (41)); ′′ (ii) Similarly, we show that every Q ∈ A2 (cf. Equation (40)) reduces to a Q ∈ B2 (cf. Equa- tion (42)).

∗ ∗ Sub-case (i). Let Q = G2 | (νx) x⊳lj .Q | Px be an arbitrary process in A1, with Q ∈ x LΓ , x : Sj ⊢ST QM and Px ∈ h|&{li : Ti}i I |i . By Deﬁnition 5.1, we may then let Px = x⊲ {li : 1 ∈

58 x Pi}i∈I , such that Pi ∈ h|Ti|i , for all i ∈ I. By applying Rule (R-ChCase) (cf. Figure 4), we have:

∗ Q , G2 | (νx) x⊳lj .Q | Px ∗ ′ → G2 | (νx)Q | Pj , Q

′ We shall show that Q ∈ B1. Let us consider/recall the provenance of its diﬀerent components:

(a) G2 ∈ h|Γ2|i ∗ (b) Q ∈ LΓ1, x : Sj ⊢ST QM. x (c) Pj ∈ h|Tj |i .

′ By considering Items (a) – (c), together with Equation (41), it is immediate to see that Q ∈ B1. erefore, Q′ ∈ LΓ ⊢ST P ′M, as desired.

ν ∗ Sub-case (ii). Let Q = G1 | ( y) y ⊲ {li : Ri }i∈I | Py be an arbitrary process in A2, with ∗ y Ri ∈ LΓ2,y : Ti ⊢ST RiM and Py ∈ h|⊕{li : Si}i∈I |i . By Deﬁnition 5.1, Py is one of the processes y in the union i∈I y⊳li.Pi : Pi ∈ h|Si|i . We then choose Py = y⊳lj .Pj such that j ∈ I and y Pj ∈ h|Sj |i . By applying Rule (R-ChCase) (cf. Figure 4), we have: S ν ∗ Q , G1 | ( y) y⊲ {li : Ri }i∈I | y⊳lj .Pj ν ∗ ′′ → G1 | ( y)Rj | Pj , Q

′′ We shall show that Q ∈ B2. Let us consider/recall the provenance of its diﬀerent components:

(a) G1 ∈ h|Γ1|i ∗ (b) Rj ∈ LΓ2,y : Tj ⊢ST Rj M. y (c) Pj ∈ h|Sj |i .

′′ By considering Items (a) – (c), together with Equation (42), it is immediate to see that Q ∈ B2. erefore, Q′′ ∈ LΓ ⊢ST P ′M, as desired. is concludes the analysis for Case (R-Case) (and for Part 1).

Part 2. Let P ∈ K and Q ∈ LΓ ⊢ST P M. Suppose that Q →֒→ Q′; we now show that (i) there is a P ′ such that P → P ′ and (ii) Q′ + R, for some R ∈ LΓ ⊢ST P ′M. →֒→ We first argue for (i), i.e., the existence of a reduction P → P ′. Notice that for the reduction(s) Q Q′ to occur, there must exist two complementary prefixes occurring at top level in Q. By Definition 5.4 and, crucially, by the assumption P ∈ K, the same two prefixes occur at top-level also in P and can reduce; indeed, without the assumption P ∈ K, it could be that P cannot reduce due to a deadlock. Hence, P can mimic the reduction from Q, up to structural congruence: P → P ′. It then suffices to prove the theorem for M ≡ P , in which the two prefixes involved occur in contiguous positions and can reduce. To address (ii), we now relate P ′ and Q′ by considering two main cases for the reduction originating from Q (cf. Figure 4): (1) it corresponds to an input-output communication via Rule (R-ChCom); and (2) it corresponds to a selection-branching interaction via Rule (R-ChCase). (e third case, corresponding to Rule (R-ChRes), is straightforward using the induction hypothesis.) We detail these two cases; the analysis largely mirrors the one given in Part 1:

59 ′ ′ 1. Case M = E (νxy : S )(xhvi.P1 | y(t : T ).P2) →E (νxy : S)(P1 | P2[v/t]) , P . Since Γ ⊢ST P , by eorem 2.2 Γ ⊢ST M. By inversion, S′ = !T.S for some S. en, again by inversion Γ=(Γ1, v : T ), Γ2. By Deﬁnition 5.4, LΓ ⊢ST MM = A1 ∪ A2, where: ν ∗ ∗ x A1 = F G2 | ( x) x(w). [v ↔w] | P1 | Px : P1 ∈ LΓ1, x : S ⊢ST P1M, Px ∈ h|?T.S|i , G2 ∈ h|Γ2|i ν ∗ ∗ y A2 = HG1 | ( y)y(t).P2 | Py : P2 ∈ LΓ2,y : S,t : T ⊢ST P2M, Py ∈ h|!T.S|i , G1 ∈ h|Γ1, v : T |i ′ Also by Deﬁnition 5.4, we have thatLΓ ⊢ST P M = B1 ∪ B2, where: ′ ν ′ ′ x ′ B1 = F G2 | ( x) Q1 | Px : Px ∈ h|S|i ,Q1 ∈ LΓ1, x : S ⊢ST P1M, G2 ∈ h|Γ2, v : T |i ′ ν ′ ′ y v ′ B2 = HG1 | ( y)Q2 | Py : Py ∈ h|S|i ,Q2 ∈ LΓ2,y : S, v : T ⊢ST P2[ /t]M, G1 ∈ h| Γ1|i

We now address two distinct sub-cases:

′ (i) We show that every Q ∈ A1 reduces to a Q ∈ B1; ′ ′ (ii) Similarly, we show that every Q ∈ A2 reduces to a Q such that Q + R and R ∈ B2.

ν ∗ Sub-case (i). Let Q = F G2 | ( x) x(w). [v ↔w] | P1 | Px be an arbitrary process in A1, with P ∈ h|?T.S|ix. By Deﬁnition 5.1 we have that x x t x h|?T.S|i = x(t).(Qt | Qx): Qt ∈ h|T |i ∧ Qx ∈ h|S|i

t x We may then let Px = x(t).(Qt |Qx) where Qt ∈ h|T |i and Qx ∈ h|S|i . ByapplyingRules( R-ChCom) and (R-Fwd) (cf. Figure 4) we have: ν ∗ Q , F G2 | ( x) x(w). [v ↔w] | P1 | Px ν ∗ = FG2 | ( x)x(w).[v ↔w] | P1 | x(t).(Qt | Qx) ν ν ∗ → FG2 | ( x)( w) [v ↔w] | P1 | Qw | Qx ν ∗ ′ FG2 | Qv | ( x) P 1 | Qx , Q →֒

It is then easy to see that Q′ + R , with R ∈ LΓ ⊢ST P ′M, as wanted.

60 ′ ′′ ′ 2. Case M = E (νxy : S )(x⊳lj .Q | y⊲ {li : Ri}i∈I ) →E (νxy : S )(Q | Rj ) , P . ′ Since Γ ⊢ST P , by eorem 2.2 also Γ ⊢ST M. By inversion let S = ⊕{li : Si}i∈I for some session types Si (i ∈ I). By Deﬁnition 5.4, LΓ ⊢ST MM = A1 ∪ A2, where:

∗ ∗ x A1 = F G2 | (νx) x⊳lj .Q | Px : Q ∈ LΓ1, x : Sj ⊢ST QM, Px ∈ h|&{li : Ti}i∈I |i , G2 ∈ h|Γ2|i ν ∗ ∗ y A2 = HG1 | ( y) y⊲ {li : Ri }i∈I | Py : Ri ∈ LΓ2,y : Ti ⊢ST RiM, Py ∈ h|⊕{li : Si}i∈I |i , G1 ∈ h|Γ1|i ′ Also, by Deﬁnition 5.4 , we have that LΓ ⊢STP M = B1 ∪ B2, where: ′ ν ∗ ′ ∗ ′ x ′ B1 = F G2 | ( x)(Q | Px) : Q ∈ LΓ1, x : Sj ⊢ST QM, Px ∈ h|Tj |i , G2 ∈ h|Γ2|i ′ ν ∗ ′ ∗ ′ y ′ B2 = HG1 | ( y)(Rj | Py) : Rj ∈ LΓ2,y : Tj ⊢ST Rj M, Py ∈ h|Sj |i , G1 ∈ h|Γ1|i

As before, we now address two distinct sub-cases:

′ (i) We show that every Q ∈ A1 reduces to a Q ∈ B1; ′ (ii) Similarly, we show that every Q ∈ A2 reduces to a Q ∈ B2.

∗ Sub-case (i). Let Q = F G2 | (νx) x⊳lj .Q | Px be an arbitrary process in A1. By Deﬁnition 5.1, x x since Px ∈ h|&{li : Ti}i I |i , then Px = x⊲ {li : Pi}i I with Pi ∈ h|Ti|i , for all i ∈ I. By applying ∈ ∈ Rule (R-ChCase) (cf. Figure 4), and leing j ∈ I we have:

∗ Q , F G2 | (νx) x⊳lj.Q | Px ∗ ′ → FG2 | (νx)Q | Pj , Q

′ ′ ′ It is then easy to see that Q ∈ B1, and therefore Q∈ LΓ ⊢STP M, as desired. ν ∗ Sub-case (ii). Let Q = H G1 | ( y) y⊲{li : Ri }i∈I | y⊳lj.Pj be an arbitrary process in A2, with ∗ y Ri ∈ LΓ2,y : Ti ⊢ST RiM. By Deﬁnition 5.1, since Py ∈ h|⊕{li : Si}i∈I |i = i∈I y⊳li.Pi : Pi ∈ y h|Si|i , it means that Py is one of the processes in the union. We may then choose Py = y⊳lj .Pj y S such that j ∈ I and Pj ∈ h|Sj |i . By applying Rule (R-ChCase) (cf. Figure 4) we have:

ν ∗ Q , H G1 | ( y) y⊲ {li : Ri }i∈I | y⊳lj .Pj ν ∗ ′ → HG1 | ( y)Rj | Pj , Q

y ′ y ′ ′ ′ Since Pj ∈ h|Sj |i and Py ∈ h|Sj |i , it is then easy to see that Q ∈ B2, and therefore Q ∈ LΓ ⊢ST P M, as desired. is concludes the analysis for this case (and for Part 2).

C Details on the Second Translation (§5.3) C.1 A Session Type System for Value Dependencies We deﬁne an extension of the session type system in §2, in which typing judgments are of the form

Γ ⋄ Ψ ⊢ST P

61 un(Γ) Γ1 ⋄ Ψ ⊢ST P Γ2 ⋄ Φ ⊢ST Q (T-NilD) (T-ParD) Γ ⋄∅⊢ST 0 Γ1, Γ2 ⋄ Ψ, Φ ⊢ST P | Q

(T-InD) (T-OutD) Γ, x : S,y : T ⋄ Ψ ⊢ST P Γ, x : S ⋄ Ψ ⊢ST P + 0 + + + 0 + + Γ , x : ? T.S ⋄ Ψ , (x, y, 0) ⊢ST x(y).P Γ , x :! T.S ,y : T ⋄ Ψ , hx, y, 0i⊢ST xhyi.P

(T-BrchD) (T-SelD) Γ, x : Si ⋄ Ψ ⊢ST Pi ∀i ∈ I Γ, x : Sj ⋄ Ψ ⊢ST P ∃j ∈ I + + Γ , x :&{li : Si}i∈I ⋄ Ψ ⊢ST x⊲ {li : Pi}i∈I Γ , x : ⊕{li : Si}i∈I ⋄ Ψ ⊢ST x⊳lj .P

(T-ResD) ′ Γ, x : T,y : T ⋄ Ψ ⊢ST P Ψ ≍x,y Ψ ↓x, Ψ ↓y, Ψ ′ Γ ⋄ Ψ ⊢ST (νxy)P

Figure 13: Typing rules for the π-calculus with session types with value dependency tracking. where the typing context Γ is as before and the new dependency context Ψ contains triples (a,x,n) and ha,x,ni, with n ≥ 0: while the first triple denotes an input of object x along subject a, the laer denotes output prefixes. As a result, the dependency context Ψ describes all communication prefixes in P and their distance to top-level. Indeed, the n in (a,x,n) and ha,x,ni helps us to track the position of the process prefix in relation to its session type, and to describe several value dependencies along a certain name. To this end, we consider annotated output and input session types, wrien !nS.T and ?nS.T (with n ≥ 0), respectively; other types remain unchanged, for they do not involve passing of values. In the following, we use Ψ, Φ,... to denote dependency contexts; we sometimes write Ψ(x) to make explicit that Ψ concerns names in the sequence x (and similarly for Γ(x)). Figure 13 gives the typing rules required for supporting Ψ and annotated session types; theye make use of the following auxiliary notions. e e Definition C.1. Given an annotated session type S and contexts Ψ and Γ, operations S+ and Ψ+ and Γ+ increment annotations in types and in triples:

(!nS.T )+ , !n+1S.T + (Ψ, (a,x,n))+ , Ψ+, (a,x,n + 1) (?nS.T )+ , ?n+1S.T + (Ψ, ha,x,ni)+ , Ψ+, ha,x,n +1i + + + + + &{li : Si}i∈I , &{li : Si }i∈I (Γ, x : T ) , Γ , x : T + + + ⊕{li : Si}i∈I , ⊕{li : Si }i∈I ( · ) , · end+ , end

We discuss the new typing rules for sessions with value dependencies, given in Figure 13. e most interesting cases are (T-InD) and (T-OutD), which record communication subjects and objects as they occur in the input and output processes, respectively. e number annotation tracks the “distance” from top-level, which in the case of top-level input or output is simply 0. e annotations related to the continuation

62 process P are incremented, as captured by S+ and Ψ+ (cf. Definition C.1). Rule (T-ParD) simply combines the prefix information in the two parallel sub-processes. To formalize Rule (T-ResD), we need a couple of auxiliary definitions. We write Ψ ↓x to denote the result of “projecting” Ψ onto name x, giving the set containing all tuples in which x appears free, namely as input subject, output subject or output object. Formally: Definition C.2 (Projection of Ψ). Let Ψ be a context, and x a name.

Ψ ↓x , {(x,w,n) ∈ Ψ ∨ hx,w,ni ∈ Ψ ∨ hw,x,ni ∈ Ψ, for some name w and n ≥ 0} With this notion, we now define the decomposition of context Ψ under names x and y: Definition C.3 (Decomposition of Ψ). Let Ψ be a context, and x and y names. e decomposition of Ψ under x and y is defined as follows: ′ Ψ ≍x,y Ψ ↓x, Ψ ↓y, Ψ ′ such that Ψ = (Ψ \ Ψ ↓x) ∪ (Ψ \ Ψ ↓y). Rule (T-ResD) decomposes Ψ using Definition C.3: context Ψ, used to type process P , is decomposed under names x and y; the remaining context Ψ′ is used to type process (νxy)P . us, intuitively, since Ψ is used to track free names in P , then triples where x and y occur free must be removed from Ψ in order to type (νxy)P . Remaining rules are self-explanatory. It is immediate to see that main results for the type system in §2 (eorems 2.3 and 2.4) extend to the type system with Ψ and annotations in input and output session types. Example C.1 (e Extended Type System at Work). Using the rules in Figure 13, we have the following typing derivation for process ahni.b(u).chui.0 (similar to sub-process a0hni.a1(u).a2hui.0 from Exam- ple 5.4): (T-NilD) a : end,b : end,c : end ⋄∅⊢ST 0 T-OutD 0 ( ) a : end,b : end,c :! U.end,u : U ⋄ hc, u, 0i⊢ST chui.0 (T-InD) a : end,b : ?0U.end,c :!1U.end ⋄ (b, u, 0), hc, u, 1i⊢ST b(u).chui.0 T-OutD 0 1 2 ( ) a :! end.end,b : ? U.end,c :! U.end ⋄ ha, n, 0i, (b, u, 1), hc, u, 2i ⊢ST ahni.b(u).chui.0

Γ Ψ where| U , ?end.end{z. Using Ψ, the dependency} | between{z sessions c}and b can be read as: “the output on c, which is two preﬁxes away from top-level, depends on the value received on b, which is one preﬁx away”.

C.2 Value Dependencies

Given a typed process Γ ⋄ Ψ ⊢ST P , we now deﬁne the value dependencies induced by preﬁxes in P , but not captured by Γ:

Deﬁnition C.4 (Set of Value Dependencies). Let P be a process such that Γ ⋄ Ψ ⊢ST P . e value dependencies of P are given by the set LΨM, which is deﬁned as LΨM , (xn,zm): ∃y.(x,y,n) ∈ Ψ ∧ hz,y,mi ∈ Ψ We sometimes write (xn,zm): S when the dependency involves a value of type S. We write dom(Ψ) to stand for the set {x : (xn,zm) ∈ LΨM ∨ (zm, xn) ∈ LΨM}.

63 us, the pair (an,bm) denotes a value dependency of an (output) preﬁx along session b on an (input) preﬁx along session a.

Example C.2. Consider process Γ ⋄ Ψ ⊢ST ahni.b(u).chui.0 from Example C.1. We can now track the 1 2 value dependency between c and b, because LΨM = {(b ,c )}. Similarly, sub-process a0hni.a1(u).a2hui.0 1 2 from Example 5.4 has a value dependency (a1,a2). We now develop some auxiliary definitions, which are required to define characteristic processes and catalyzers that exploit value dependencies. n m We may interpret LΨM as a binary relation on typing assignments in Γ, in which each (wj , wk ) ∈ LΨM, with Γ(wj ) = Tj and Γ(wk)= Tk, defines a pair (wj : Tj, wk : Tk). In turn, this relation can be seen as a directed graph, with edges wj : Tj → wk : Tk. In the following, we shall consider only typed processes whose associated LΨM: • is simple, i.e., for any x,z,S there is at most one dependency (xn,zm): S ∈ LΨM. • determines a tree-like structure, without cycles, on Γ. While considering simple LΨM simplifies some definitions, considering tree-like structures (rather than arbitrary relations) is necessary to ensure that the characteristic processes obtained from Γ and Ψ are typable in L; see Lemma C.1 and Lemma C.2 below. A tree-like interpretation of Γ via LΨM does not necessarily define a fully connected structure. For instance, Γ can have assignments not involved in any value dependency. Actually, LΨM defines a forest (a set of trees). is is formalized in the definition below, where the index i relates wi : Ti (a type assignment) and Ti (its corresponding tree):

Definition C.5 (Forest of a Context). Let Γ = w1:T1,...,wn:Tn be a typing context and Ψ its associated dependency context. e forest of Γ (under Ψ) is defined as FΨ(Γ) = {Tj }j∈J , where each Tj is n m interpreted as a tree with root wj : Tj ∈ Γ. Each dependency (wj , wk ) ∈ LΨM (if any) defines a relation between parent Tj and child Tk, which is a tree inductively defined with root wk : Tk. We write child(Tj ) to denote the set of offspring of Tj . We illustrate the above notions by means of examples.

Example C.3 (No Dependencies). If Γ= w1:T1,...,wn:Tn and LΨM = ∅ then the forest of Γ will have as many trees as there are assignments in it, i.e., FΨ(Γ) = {T1,..., Tn}, with child(Ti)= ∅, for all Ti. Example C.4 (A Simple Tree). Let Γ and Ψ be such that

Γ= x1 : ?S.end, x2 :!S.?T1.?T2.end, x3 :!T1.end, x4 :!T2.end

LΨM = {(x1, x2): S, (x2, x3): T1, (x2, x4): T2} where we have omied annotations. Note that LΨM is simple and induces a tree-like structure. Indeed we have: child(T1)= {T2}, child(T2) = {T3, T4}, child(T3)= child(T4)= ∅, and so the forest FΨ(Γ) contains a single tree with two levels, with root x1 : T1. As a non-example of a simple, tree-like structure, consider: ′ Γ = x1 : ?S.!T.end, x2 :!S.?T.end ′ LΨ M = {(x1, x2): S, (x2, x1): T } Clearly, LΨ′M induces a graph-like structure, with a simple cycle, on Γ′. We now move on to exploit both the value dependencies LΨM and the (annotated) context Γ to refine the definitions of characteristic processes (Definition 5.1) and catalyzer contexts (Definition 5.3).

64 C.3 Characteristic Processes Refined with Value Dependencies To refine the definition of characteristic processes, the key idea is simple: given a dependency (an,bm) n m between two sessions a : ? T.S1 and b :! T.S2, rather than implementing two isolated characteristic processes for the two sessions, we use a so-called bridging session (denoted cab) to implement the dependency between the characteristic processes. To this end, we first revisit Definition 5.1, as follows:

Deﬁnition C.6 (Characteristic Processes of a Session Type, with Value Dependencies). Let Ψ be a dependency context. Given a name x, the set of characteristic processes of the (annotated) session type T under x Ψ, denoted h|T |iΨ, is inductively deﬁned as follows:

x(y).c (w).([y ↔w] | Q): Q ∈ h|S|ix if (xn,zm) ∈ LΨM n ′ x , xz Ψ h|? T .S|iΨ ′ y x (x(y).(P | Q): P ∈ h|T |iΨ ∧ Q ∈ h|S|iΨ otherwise c (y).x(w).([y ↔w] | Q): Q ∈ h|S|ix if (zm, xn) ∈ LΨM h|!nT ′.S|ix , zx Ψ Ψ ′ y x (x(y).(P | Q): P ∈ h|T |iΨ ∧ Q ∈ h|S|iΨ otherwise x x h|&{li : Si}i∈I |iΨ , x⊲ {li : Pi}i∈I : ∀i ∈ I. Pi ∈ h|Si|iΨ x x h|⊕ {li : Si}i∈I |iΨ , x⊳li.Pi : Pi ∈ h|Si|iΨ i∈I [ end x 0 h| |iΨ , { }

Changes with respect to Definition 5.1 are in the cases of input and output types, which now implement an additional session if, according to LΨM, the respective sessions are involved in a value dependency. n x Indeed, the definition of h|? T.S|iΨ forwards the value received on x along a channel cxz whenever sessions n x along x and z are related via a value dependency. Accordingly, the first action in the definition of h|! T.S|iΨ is an input along cxz: the received value will be emied along x, thus completing the intended forwarding. Using this refined definition of characteristic processes, we may now revisit the definition of the characteristic processes of a typing context (Definition 5.2). In order to ensure type preservation (cf. Lemma C.1 below), the main difference is the need for outermost restrictions that hide the behavior along the bridging sessions created in Definition C.6. We use the tree-like interpretation of Ψ (Definition C.5) to appropriately close these bridging sessions:

Deﬁnition C.7 (Characteristic Processes of a Typing Context, with Value Dependencies). Assume Γ = w1:T1,...,wn:Tn and Ψ. Recall that Ti denotes the tree rooted by wi : Ti ∈ Γ.

1. e set of processes Ni is deﬁned for each Ti (with 1 ≤ i ≤ n) as:

wi T h|Ti|iΨ if child( i)= ∅ ν ] wi T T T ({( cwiwj )(Q | j∈{1,...,m} Qj): Q ∈ h|Ti|iΨ ∧ Qj ∈ Nj} if child( i)= { 1,..., m}. (43) Q

2. Suppose that FΨ(Γ) = {T1,..., Tk}, with 1 ≤ k ≤ n. e characteristic processes of Γ is defined as the set h|Γ|iΨ , {P1 | ··· | Pk : Pi ∈ Ni} with Ni as in (1). us, the set of characteristic processes of Γ is built by exploiting the hierarchy of type assignments defined by FΨ(Γ). is is required, because we need to connect each individual characteristic process using the bridging sessions cwiwj . is definition is a strict generalization of Definition 5.2: with LΨM = ∅,

65 wi wi every set Ni coincides with the set h|Ti|iΨ (cf. Definition C.6), which in turn coincides with h|Ti|i (cf. Definition 5.1) if LΨM = ∅. e following examples serve to illustrate this definition:

Example C.5. Consider Γ1 and Ψ1 as in Example C.1 for sub-process a0hni.a1(u).a2hui.0:

0 1 2 Γ1 , a0 :! end.end,a1 : ? U.end,a2 :! U.end

Ψ1 , ha0, n, 0i, (a1, u, 1), ha2, u, 2i 1 2 T T T By Deﬁnition C.4, LΨ1M = {(a1,a2)}. Also, by Deﬁnition C.5, FΨ1 (Γ1) = { 0, 1}, with child( 0) = child(T2)= ∅ and child(T1)= {T2}. Recalling that U , ?end.end, we have:

0end end a0 N0 = h|! . |iΨ1 2 end a0 N2 = h|! U. |iΨ1 ν 1 end a1 N1 = {( ca1a2 )(Q1 | Q2): Q1 ∈ h|? U. |iΨ1 ,Q2 ∈ N2} ′ ′ Notice that by Deﬁnition C.6 processes in N2 are of the form ca1a2 (w).a2(v).([w ↔ v] | Q ) with Q ∈ end a0 . Given these sets, we have , . h| |iΨ! h|Γ1|iΨ1 {P0 | P1 : P0 ∈ N0, P1 ∈ N1} Example C.6. Let Γ and Ψ be as in Example C.4. Expanding Deﬁnition C.7, we have:

end x4 N4 = h|!T2. |iΨ end x3 N3 = h|!T1. |iΨ ν ν end x2 N2 = {( cx2x4 )(( cx2x3 )(Q2 | Q3) | Q4): Q2 ∈ h|!S.?T1.?T2. |iΨ ,Q3 ∈ N3,Q4 ∈ N4} ν end x1 N1 = {( cx1x2 )(Q1 | Q): Q1 ∈ h|?S. |iΨ ,Q ∈ N2}

Recall that by Deﬁnition C.6 all processes in N4 will implement an input on cx2x4 . Similarly, all processes in x2 N3 will implement an input on cx2x3 . en, processes in h|T2|iΨ implement the dependency by providing T , corresponding outputs. With these sets in place, and given that FΨ(Γ) = { 1}, we have that h|Γ|iΨ {P1 : P1 ∈ N1}. Characteristic processes with value dependencies are well-typed in the system of §3.1: We repeat the statement of this lemma: Lemma C.1. Let T , Γ, and Ψ be an annotated session type, a session typing context, and a dependency context, respectively.

x 1. For all P ∈ h|T |iΨ, we have P ⊢LL x : JT Kℓ, ∆, for some ∆ (possibly empty).

2. For all P ∈ h|Γ|iΨ, we have P ⊢LL JΓKℓ. Proof. We consider both parts separately, assuming LΨM 6= ∅: the case LΨM = ∅ corresponds to Lemma 5.1.

Part 1. e proof is by induction on the structure of T . us, there are ﬁve cases to consider. e most interesting cases are those for input and output session types with value dependencies; by Deﬁnition C.6, the other cases (input/output without value dependencies, selection, branching) are as in the proof of Lemma 5.1 (§B.1).

end x 0 end T- 1. h| |iΨ = . is case follows easily by the fact that J Kℓ = • and by Rule ( 1). 66 n x x n m 2. h|? T.S|iΨ = x(y).cxz(w).([y ↔w] | Q): Q ∈ h|S|iΨ , if (x ,z ) ∈ LΨM. By induction hypothesis, Q ⊢LL Θ, x : JSKℓ, for some context Θ. Here we distinguish the following two sub-cases, depending on whether name cxz already occurs in Q.

(a) cxz ∈/ dom(Θ). By Rules (T-⊗) and (T-O) applied in sequence we have:

Q ⊢LL x : JSKℓ, Θ (T-id) (⊥) [y ↔w] ⊢LL y : JT Kℓ, w : JT Kℓ Q ⊢LL x : JSKℓ, Θ,cxz : • (⊗) cxz(w).([y ↔w] | Q) ⊢LL y : JT Kℓ, x : JSKℓ, Θ,cxz : JT Kℓ ⊗• (O) x(y).cxz(w).([y ↔w] | Q) ⊢LL Θ, x : JT Kℓ O JSKℓ,cxz : JT Kℓ ⊗•

By encoding of types in Figure 10, we have J?T.SKℓ = JT Kℓ O JSKℓ. Hence, in this case ∆ = Θ,cxz : JT Kℓ ⊗•. ′ (b) (cxz : JUKℓ) ∈ Θ. Let Θ=Θ ,cxz : JUKℓ. en, we have the following derivation:

T-id ( ) ′ [y ↔w] ⊢LL y : JT Kℓ, w : JT Kℓ Q ⊢LL x : JSKℓ, Θ ,cxz : JUKℓ ⊗ ′ ( ) cxz(w).([y ↔w] | Q) ⊢LL y : JT Kℓ, x : JSKℓ, Θ ,cxz : JT Kℓ ⊗ JUKℓ O ′ ( ) x(y).cxz(w).([y ↔w] | Q) ⊢LL Θ , x : JT Kℓ O JSKℓ,cxz : JT Kℓ ⊗ JUKℓ

By encoding of types in Figure 10, we have J?T.SKℓ = JT Kℓ O JSKℓ. Hence, in this case ∆ = ′ Θ ,cxz : JT Kℓ ⊗ JUKℓ.

n x x m n 3. h|! T.S|iΨ = czx(y).x(w).([y ↔w] | Q): Q ∈ h|S|iΨ if (z , x ) ∈ LΨM. By induction hypothesis, Q ⊢LL x : JSKℓ, Θ, for some typing Θ. Here we distinguish the following two sub-cases, depending on whether name cxz already occurs in Q.

(a) cxz ∈/ dom(Θ). By Rules (T-⊗) and (T-O) applied in sequence we have:

Q ⊢LL x : JSKℓ, Θ (T-id) (⊥) [y ↔w] ⊢LL y : JT Kℓ, w : JT Kℓ Q ⊢LL x : JSKℓ, Θ,cxz : • (⊗) x(w).([y ↔w] | Q) ⊢LL y : JT Kℓ, Θ, x : JT Kℓ ⊗ JSKℓ,cxz : • (O) czx(y).x(w).([y ↔w] | Q) ⊢LL Θ, x : JT Kℓ ⊗ JSKℓ,cxz : JT Kℓ O •

By encoding of types in Figure 10, we have J!T.SKℓ = JT Kℓ ⊗ JSKℓ. Hence, in this case ∆ = Θ,cxz : JT Kℓ O •. ′ (b) (cxz : JUKℓ) ∈ Θ. Let Θ=Θ ,cxz : JUKℓ. en, we have the following derivation:

T-id ( ) ′ [y ↔w] ⊢LL y : JT Kℓ, w : JT Kℓ Q ⊢LL x : JSKℓ, Θ ,cxz : JUKℓ ⊗ ′ ( ) x(w).([y ↔w] | Q) ⊢LL y : JT Kℓ, Θ , x : JT Kℓ ⊗ JSKℓ,cxz : JUKℓ O ′ ( ) czx(y).x(w).([y ↔w] | Q) ⊢LL Θ , x : JT Kℓ ⊗ JSKℓ,cxz : JT Kℓ O JUKℓ

By encoding of types in Figure 10, we have J!T.SKℓ = JT Kℓ ⊗ JSKℓ. Hence, in this case ∆ = ′ Θ ,cxz : JT Kℓ O JUKℓ.

67 x x 4. h|&{li : Si}i∈I |iΨ = x⊲ {li : Pi}i∈I : ∀i ∈ I. Pi ∈ h|Si|iΨ . is case follows the same lines as the corresponding case in Lemma 5.1. x x 5. h|⊕ {li : Si}i∈I |iΨ = i∈I x⊳li.Pi : Pi ∈ h|Si|iΨ . is case also follows the same lines as the corresponding one in Lemma 5.1. S

Part 2. By Definition C.7, every P ∈ h|Γ|iΨ is of the form i∈{1,...,k} Pi, with Pi ∈ Ni (cf. (43)). We first prove that for every P ∈ N , we have P ⊢LL JΓ K , ∆, where Γ ⊆ Γ and ∆ is possibly empty. Γ contains i i ℓ Q i i wi : Ti and assignments connected to wi : Ti via dependencies. Recall that Ni is defined for each wi : Ti. We then proceed by induction on m, the height of Ti (the tree associated to wi : Ti):

• Base case, m = 0: en, since Ti does not have children, by deﬁnition of Ni (cf. (43)), the sets Ni wi and h|Ti|iΨ coincide. Hence, Lemma C.1(1) ensures that P ⊢LL wi : JTiKℓ, for all P ∈ Ni.

• Inductive case, m> 0. en, Ti has m levels; by Deﬁnition C.7, every Pm ∈ Ni is of the form

ν ] Pm = ( cwiwj )(Q0 | Qj) j∈{Y1,...,l} wi T T T where Q0 ∈ h|Ti|iΨ and Qj ∈ Nj , for some 1,..., l ∈ child( i). us, wi has a dependency

with each of w1,...,wl, implemented along cwiw1 ,...,cwiwl . In fact, by Lemma C.1(1):

Q0 ⊢LL wi : JTiKℓ, ∆0

where ∆0 = cwiw1 : T1,...,cwiwl : Tl.

We must prove that Pm ⊢LL JΓiKℓ. Recall that processes Q1,...,Ql are associated to trees T1,..., Tl; now, because child(Ti) = {T1,..., Tl}, the height of these trees is strictly less than that of Ti. erefore, by IH we have

Qj ⊢LL JΓj Kℓ, ∆j

for each j ∈ {1,...,l}, where ∆j = cwiwj : Sj, for some Sj . By construction, Sj is dual to Tj . (ere are no other assignments in ∆j , because Tj is a proper tree whose only visible connection T is with its parent i.) Also, JΓiKℓ = wi : JTiKℓ ∪ j∈{1,...,l}JΓj Kℓ. erefore, Pm can be typed by composing Q with each of Q ,...,Q , using l successive applications of Rule (T-cut): 0 1 l S ν ν ν ( cwiwl )(··· ( cwiw2 )(( cwiw1 )(Q0 | Q1) | Q2) | ··· | Ql) ⊢LL JΓiKℓ

is proves that Pi ∈ Ni implies Pi ⊢LL JΓiKℓ. e thesis, i∈{1,...,k} Pi ⊢LL JΓKℓ, then follows easily by composing P ,...,P : since they are all typable under disjoint contexts (JΓ K ,..., JΓ K , respectively), 1 k Q 1 ℓ k ℓ it suffices to use Rule (T-mix). e main difference between Lemma C.1 (Part 1) and the corresponding result in §5 (i.e., Lemma 5.1) is the typing context ∆, which describes the bridging sessions: if there are no dependencies then no bridging sessions occur and ∆ will be empty. Lemma C.1 (Part 2) is exactly as in Lemma 5.1: even though characteristic processes for a typing context (Definition C.7) are obtained by composing characteristic processes with bridging sessions, these sessions are closed under restriction and so no additional typing context is needed.

68 C.4 Catalyzers Reﬁned with Value Dependencies To revise Deﬁnition 5.3, we use some convenient notations: Notation C.1. We shall use the following notations:

• Let yn denote the n-th occurrence of name y with respect to top-level. • Let α, α′,... denote session prefixes of the form ?nS or !nS. • Given an annotated session type T , we use a context on types K to highlight a specific prefix α in T , i.e., we write T = K[α].

• Given an annotated session type T , we write T \ (α1, ··· , αk) to denote the type obtained from T by removing preﬁxes α1, ··· , αk (k ≥ 1). e following auxiliary deﬁnition explains how to “shorten” session types based on value dependencies. Its precise purpose will become apparent shortly.

Deﬁnition C.8 (Reﬁned Characteristic Processes). Let Γ = {x1 : T1,...,xn : Tn} and Ψ be a typing context and a dependency context, respectively.

1. Given Ψ and a name xi, we deﬁne the sets of types out m n m Ψ(xi)= {S | (xj , xi ): S ∈ LΨM} in n n m Ψ(xi)= {T | (xi , xj ): T ∈ LΨM}

2. We write i∈{1,...,n} Qi to denote the refined characteristic processes under Ψ where, each Qi satisfies: Q xi out in Qi ∈ h|Ti|iΨ If Ψ(xi)= Ψ(xi)= ∅ Q l1 lm xi out in l1 lm  i ∈ h|Ti \ (? T1, ··· , ? Tm)|iΨ If Ψ(xi)= ∅ ∧ Ψ(xi)= {T1 ,...,Tm } h1 xi out h1 in Qi ∈ h|Ti \ (! S1)|i If Ψ(xi)= {S1 } ∧ Ψ(xi)= ∅  Ψ h1 l1 lm xi out h1 in l1 lm Qi ∈ h|Ti \ (! S1, ? T1, ··· , ? Tm)|iΨ If Ψ(xi)= {S1 } ∧ Ψ(xi)= {T1 ,...,Tm }   Notice that because we assume LΨM is simple and tree-like, outΨ(xi) is either empty or a singleton—a node of the tree is either the root or has exactly one parent. We illustrate Definition C.8 with an example:

Example C.7. Considering Γ and LΨM as in Example C.4, we have:

outΨ(x1)= ∅ inΨ(x1)= {S}

outΨ(x2)= {S} inΨ(x2)= {T1,T2}

outΨ(x3)= {T1} inΨ(x2)= ∅

outΨ(x4)= {T2} inΨ(x2)= ∅

end xi Because all types in Γ are involved in value dependencies, Qi ∈ h| |iΨ , for all i ∈{1,..., 4}. We now ﬁnally ready to revise Deﬁnition 5.3:

69 Deﬁnition C.9 (Catalyzers, with Value Dependencies). Consider typing contexts Γ, Γ′ and a simple dependency context Ψ. Suppose Γ = {x1 : T1,...,xn : Tn} and |LΨM| = k, with dom(Ψ) ⊆ dom(Γ). ′ Assume that xi : Ti ∈ Γ implies yi : Ti ∈ Γ , for all xi ∈ dom(Ψ). ′ Ψ e set of catalyzers of Γ, Ψ with respect to Γ , noted CΓ|Γ′ , is deﬁned as follows:

{C[·]: C[·] = (νx)((νu)([·]σ1 ··· σk | F1 | ··· | Fk) | Q1 | ··· | Qn)} where, for the h-th element in LΨM, denoted (xl1 , xl2 ): S with x : T and x : T , we have: e e i j i i j j

u n1 u n2 n1 n2 • σh = [ h/yi ][ h/yj ], where n1 and n2 are such that Ti = Ki[! S] and Tj = Kj[? S], respec- ′ tively, for some type contexts Ki,Kj, and yi : Ti,yj : Tj ∈ Γ .

• Fh = uh(y).uh(w).([w ↔y] | 0).

In σh and Fh, name uh is fresh. Also, Q1,..., Qn are refined under Ψ as in Definition C.8. Intuitively, the above definition isolates the value dependencies from the process in the hole by first creating a separate session uk using the substitution σk; the dependency is then preserved using the forwarder process Fk. Isolating dependencies in this way modifies the session types implemented by the process in the hole; to account for these modifications, we consider characteristic processes based on shortened session types—session types in which the prefixes involved in a dependency have been removed (cf. Definition C.8). If there are no dependencies (i.e., if LΨM is empty) then we recover the definition from §5 (Definition 5.3): indeed, without dependencies there are no σh and Fh, and the condition outΨ(xi)= inΨ(xi)= ∅ follows trivially, for all xi such that xi : Ti ∈ Γ.

Example C.8 (Deﬁnition C.9 at Work). Consider process (νx1y1)(νx2y2)(P1 | P2), where P1 and P2 are deﬁned as:

0 1 2 3 y1 :! Int.? Bool.end,y2 : ? Int.? Bool.end ⋄Ψ2 ⊢ST y1(2).y1(z).y2(x).y2(w).0

Γ2 P2 0 | {z x1 : T1, x2 : T}2 ⋄Ψ1 ⊢ST |x1(u).x1(true{z).x2(u).x2(}false).

Γ1 P1

0 1 2 3 where T1 = ? Int.! Bool.end and |T2 :!{zInt.! Bool} .end. |P1 implements{z the dependency}LΨ1M = 0 2 {(x1, x2): Int}: the received value by y2(x) in P2 should be 2, not some arbitrary Int. We define context C[·] ∈ CΨ1(y1,y2) to host the translation of P in L, denoted Q . We write Γ1(y1,y2)|Γ2 2 2 Ψ1(y1,y2) and Γ1(y1,y2) to denote a name renaming on Ψ1 and Γ1, needed for consistency with the single restriction in L. Types in Γ1, Γ2 are annotated with the positions of their associated prefixes wrt the top-level. Here, relevant positions in P2 are 0 (for y1) and 2 (for y2): these are the prefixes that interact with the dependency in P1. Note that these positions in P2 are not stored in Γ1, but in Γ2. (In this simple example, the positions for x1, x2 in P1 happen to coincide with those for y1,y2 in P2; in the general case, 0 2 they do not coincide.) Using Notation C.1, we have T1 = K1[! Int] and T2 = K2[? Int], with type con- 1 3 texts K1 = [·].? Bool.end,K2 = [·].? Bool.end. us, n1 = 0,n2 = 2 and the required substitution is u 0 u 2 σ1 = [ 1/y1 ][ 1/y2 ]. We can now define C[·] by considering the value dependence from P1 as captured by Ψ1. Expanding Definition C.9 we have: C[·] = (νx1, x2)((νu1)([·]σ1 | F1) | Q1 | Q2)

70 with Q1, Q2 as in Deﬁnition C.8. As we will see, Deﬁnition C.10 translates P2 into Q2:

y1 : Int ⊗ Bool O •,y2 : Int O Bool O •⊢LL y1(z).([2↔z] | y1(z).y2(w).y2(x).0)

We now illustrate how Q2 “ﬁts into” C[·]. We ﬁrst apply σ1 to Q2:

y1 : Bool O •,y2 : Bool O •,u1 : Int ⊗ Int O •⊢LL u1(z).([2↔z] | y1(z).u1(w).y2(x).0)

By renaming the two preﬁxes involved in the dependency, we have isolated it using a new session u1. e types for y1,y2 have been shortened. e only forwarder needed is F1:

u1(y).u1(w).([w ↔y] | 0) ⊢LL u1 : Int O Int ⊗•

Clearly, Q2σ1 and F1 can be composed with a cut:

(νu1)(Q2σ1 | F1) ⊢LL y1 : ?Bool.end,y2 : ?Bool.end

end y1 end y2 We close the sessions on y1 and y2 using R1 ∈ h|?Bool. |iΨ and R2 ∈ h|?Bool. |iΨ :

C[Q2] = (νy2)((νy1)((νu1)([Q2]σ1 | F1) | R1) | R2)

Hence, C[·] closes Q2 by preserving the dependency implemented by P1. Using this new deﬁnition, we have the following lemma, which is the analog of Lemma 5.2 (Page 26) extended with value dependencies:

′ Lemma C.2 (Catalyzers with Value Dependencies Preserve Typing). Let P ⊢LL JΓKℓ, JΓ Kℓ, such that Γ1, Γ2 are typing contexts with Γ1 = Γ. Let Ψ be a simple dependency context such that dom(Ψ) ⊆ dom(Γ1). Assume that xi : Ti ∈ Γ1 implies yi : Ti ∈ Γ2, for all xi ∈ dom(Ψ). en, by leing Ψ (as in Definition C.9), we have LL ′ . C[·] ∈CΓ1|Γ2 C[P ] ⊢ JΓ Kℓ Proof (Sketch). We proceed by induction on k, the size of Γ. • Case k =1: Trivial, because no dependencies are possible and a single characteristic process suffices to close the single session in JΓKℓ and establish the thesis. • Case k = 2: ere are two sub-cases, depending on whether the two assignments are related by a value dependency. 1. If there is no value dependency then two independent characteristic processes suffice close the two sessions in JΓKℓ and establish the thesis.

l1 l2 2. Suppose there is a dependency (xi , xj ): S, with xi : Ti and xj : Tj in Γ1. is dependency should be implemented by any Ψ . By Deﬁnition C.9, any is of the form C2 ∈CΓ1|Γ2 C2[·]

(νx)((νu1)([·]σ1 | F1) | Qi | Qj )

where σ is a substitution, F is a forwarder process, and Q and Q are characteristic processes 1 1 e i j l1 deﬁned shortened versions of Ti and Tj . Observe that outΨ(xi) = ∅, inΨ(xi) = {S }, l2 outΨ(xj )= {S }, and inΨ(xj )= ∅.

71 ′ We must prove that C2[P ] ⊢LL JΓ Kℓ. We show this by successively incorporating all ingredients in C2. First, we spell out the typing for P :

′ P ⊢LL xi : JTiKℓ, xj : JTj Kℓ, JΓ Kℓ en, applying the substitution, we have:

′ ′ ′ P σ1 ⊢LL JΓ0Kℓ, xi : JTi Kℓ, xj : JTj Kℓ, JΓ Kℓ,u1 : S ⊗ S O •

′ l2 ′ l2 where Ti = Ti \ (! S) and Tj = Tj \ (? S). We now compose with the forwarder F1 = u1(y).u1(w).([w ↔y] | 0), which can be typed as F1 ⊢LL u1 : S O S ⊗•: ν ′ ′ ′ ( u1)(P σ1 | F1) ⊢LL xi : JTi Kℓ, xj : JTjKℓ, JΓ Kℓ

′ and so the thesis C2[P ] ⊢LL JΓ Kℓ holds. ′ • Case k > 2 (inductive step): We assume that Ck[P ] ⊢LL JΓ Kℓ holds, with Ck[·] closing sessions ′ ′ Γ = x1 : T1,...,xk : Tk. We must show that Ck+1[P ] ⊢LL JΓ \ xk+1 : Tk+1Kℓ holds, with Ck+1[·] ′′ ′ closing sessions Γ =Γ , xk+1 : Tk+1.

Considering xk+1 : Tk+1 entails adding 0 ≤ n ≤ k additional value dependencies. We proceed by induction on n. e base case n =0 is straightforward: Ck+1[·] can be obtained by composing Ck[·] x k+1 T- with the additional characteristic process Qk+1 ∈ h|Tk+1|iΨ , using Rule ( cut). e inductive step (n> 0) proceeds by observing that any context Ck+1[·] canbe built out of Ck[·]. Exact modifications depend on n: adding n new dependencies concern n +1 characteristic processes in Ck[·]. erefore, Ck+1[·] modifies Ck[·] by (i) adding n new σi and Fi; (ii) adding a new Qk+1; (ii) modifying n processes among Q1,..., Qk (already in Ck[·]) to account for the fact that they need to be (further) shortened. With these modifications, the process Ck+1[P ] is typable following the lines of case k =2.

C.5 Translating Session Processes into L Exploiting Value Dependencies We may now give the revised translation with value dependencies, denoted L·MV. We rely on Notation 5.1 as well as on the following extension of Notation 5.2, which annotates type judgments with “discarded” portions of contexts: Notation C.2 (Hidden/Bracketed Sessions, Extended). Consider the following notations: • We shall write:

0 Γ1, Γ2, x :! T.S ⋄ Ψ1, Φ1[Ψ2, Φ2] ⊢ST (νzy)xhyi.(P1 | P2) rather than 0 Γ1, Γ2, x:! T.S ⋄ Ψ1, Φ1 ⊢ST (νzy)xhyi.(P1 | P2)

assuming both Γ1,z : T ⋄ Ψ1, Ψ2 ⊢ST P1 and Γ2, x : S ⋄ Φ1, Φ2 ⊢ST P2.

72 un V LΓ ⋄∅⊢ST 0M , 0

0 ′ V ′ V LΓ,x : ! T.S, v : T ⋄ Ψ, hx,v, 0i⊢ST xhvi.P M , x(z).([v ↔z] | Q) : Q ∈ LΓ,x : S ⋄ Ψ ⊢ST P M

0 V LΓ1, Γ2,x : ! T.S ⋄ Ψ1, Φ1[Ψ2, Φ2] ⊢ST (νzy)xhyi.(P1 | P2)M , V V x(y).(Q1 | Q2) : Q1 ∈ LΓ1,z : T ⋄ Ψ1, Ψ2 ⊢ST P1M ∧ Q2 ∈ LΓ2,x : S ⋄ Φ1, Φ2 ⊢ST P2M

0 ′ V ′ V LΓ,x : ? T.S ⋄ Ψ, (x,y, 0) ⊢ST x(y : T ).P M , x(y).Q : Q ∈ LΓ,x : S,y : T ⋄ Ψ ⊢ST P M

′ V ′ V LΓ,x : ⊕{li : Si}i∈I ⊢ST x⊳lj .P M , x⊳lj .Q : Q ∈ LΓ,x : Sj ⋄ Ψ ⊢ST P M

V V LΓ,x :&{li : Si}i∈I ⋄ Ψ ⊢ST x ⊲ {li : Pi}i∈I M , x ⊲ {li : Qi}i∈I : Qi ∈ LΓ,x : Si ⋄ Ψ ⊢ST PiM

] ] V LΓ1[x : S] ⋄ Ψ1[Ψ2(x)] ⋆ Γ2[y : T ] ⋄ Φ1[Φ2(y)] ⊢ST (νxy : S)(P1 | P2)M , e e ee e Φ2(xe) ] V C1[Q1] | G2 : G2 ∈ h|Γ2|iΦ ,C1 ∈C ,Q1 ∈ LΓ1, x : S ⋄ Ψ1, Ψ2 ⊢ST P1M ∪ 1 ]x:T |]y:S

Ψ2(ye) ] V G1 | C2[Q2] : G1 ∈ h|Γ1|iΨ ,C2 ∈C ,Q2 ∈ LΓ2, y : T ⋄ Φ1, Φ2 ⊢ST P2M 1 ]y:S |]x:T

Figure 14: Translation L·MV.

• Similarly, we shall write ] ] Γ1[x : S] ⋄ Ψ1[Ψ2] ⋆ Γ2[y : T ] ⋄ Φ1[Φ2] ⊢ST (νxy : S)(P1 | P2)

rather than ee e Γ1, Γ2 ⋄ Ψ1, Φ1 ⊢ST (νxy : S)(P1 | P2) ] ] assuming Γ1, x : S ⋄ Ψ1, Ψ2 ⊢ST P1, and Γ2, y : T ⋄ Φ1, Φ2 ⊢ST P2, and Si = Ti. ee e Definition C.10 (Translating into L with Value Dependencies). Let P be such that Γ ⋄ Ψ ⊢ST P and V P ∈ K. e set of L processes LΓ ⋄ Ψ ⊢ST P M is defined inductively in Figure 14. e first six cases of Figure 14 extend those in L·M (Definition 5.4) with the dependency context Ψ and with annotated types, using Notation C.2 in the case of output. More prominent differences arise in the translation of (νxy : S)(P1 | P2). e first line of the definition specifies how the translation leads to process of the form C1[Q1] | G2, in which the right-hand side of the parallel is generated: ee e

• Process Q1 belongs to the set that results from translating sub-process P1 with an appropriate typing judgment, which includes x]: S. ] • C1 belongs to the set of catalyzers that implement the context x : T , i.e., the dual behaviors of the sessions implemented by P1. We use Definition C.9 to ensure that C1 preserves the relevant value dependencies in P2, denoted Φ2. We write Φ2(x) to specify that the dependencies refer to names in x (as required by Q1) rather than to names in y (as present in P2). As before, this step removes the double restriction operator. e e e 73 • G2 belongs to the set of characteristic processes for Γ2, which describes the sessions implemented by P2. We use Definition C.7 to preserve the relevant value dependencies in P2, denoted Φ1. Similarly, the second line of the definition specifies how the translation leads to processes of the form G1 | C2[Q2]. Notice that G1, C2, and Q2 are obtained as before. Overall, we preserve value dependencies both when generating the new portion of the parallel process (i.e., G1 and G2) but also when constructing the catalyzer contexts (i.e., C1 and C2) that close the portions of the given process that are produced by translation (i.e., Q1 and Q2). As a sanity check, we now state the analogues of eorem 5.1 (type preservation) and eorem 5.2 (operational correspondence) for the second translation. We start by presenting an auxiliary lemma. Lemma C.3. Let S and Γ be respectively, an annotated session type and an annotated typing context, and let S+ and Γ+ be the corresponding type and context where the annotation is incremented according to + + Definition C.1. en, JSKℓ = JS Kℓ and JΓKℓ = JΓ Kℓ. Proof. It follows immediately by the encoding given in Figure 10 and Definition C.1. V V eorem C.1 (L·M is Type Preserving). Let Γ ⋄ Ψ ⊢ST P . en, for all Q ∈ LΓ ⋄ Ψ ⊢ST P M , we have that Q ⊢LL JΓKℓ.

Proof. e proof proceeds by cases on the judgement Γ⋄Ψ ⊢ST P used in the translation (Deﬁnition C.10), and by inversion on the last typing rule applied (cf. Figure 13). ere are seven cases to consider:

1. Γ ⋄∅⊢ST 0. en, by inversion the last typing rule applied is (T-NilD), with un(Γ). By Deﬁnition C.10 un V we have LΓ ⋄∅⊢ST 0M = {0}. en, by applying Rule (T-1) we obtain

(T-1) 0 ⊢LL x : •

e thesis follows immediately by encoding of types J·Kℓ given in Figure 10, and Deﬁnition 4.2, which states that Jx : endKℓ = x : •.

2. Γ, x :!0T.S, v : T ⋄ Ψ, hx, v, 0i⊢ST xhvi.P ′, where by inversion and Rule (T-OutD) we have Γ=Γ′+, Ψ=Ψ′+, hx, v, 0i, and S = S′+ as in the following derivation.

′ ′ ′ ′ Γ , x : S ⋄ Ψ ⊢ST P T-OutD ′+ 0 ′+ ′+ ′ ( ) Γ , x :! T.S , v : T ⋄ Ψ , hx, v, 0i⊢ST xhvi.P

By Deﬁnition C.10,

′+ 0 ′+ ′+ ′ V ′ ′ ′ ′ V LΓ , x :! T.S , v : T ⋄Ψ , hx, v, 0i⊢ST xhvi.P M = x(z).([v ↔z] | Q): Q ∈ LΓ , x : S ⋄Ψ ⊢ST P M

By Rule (T-id) and by Lemma 4.3 we have

(T-id) [v ↔z] ⊢LL v : JT Kℓ,z : JT Kℓ (44)

′ ′ ′ ′ V ′ ′ ′ By induction hypothesis, Q ∈ LΓ , x : S ⋄ Ψ ⊢ST P M implies Q ⊢LL JΓ Kℓ, x : JS Kℓ. Let Q be ′ an arbitrary process in this set. By applying Rule (T-⊗)on(44) and Q we have:

′ ′ ′ [v ↔z] ⊢LL v : JT Kℓ,z : JT Kℓ Q ⊢LL JΓ Kℓ, x : JS Kℓ T-⊗ ′ ′ ′ ( ) x(z). [v ↔z] | Q ⊢LL JΓ Kℓ, x : JT Kℓ ⊗ JS Kℓ, v : JT Kℓ 74 ′ ′ By the encoding of types J·Kℓ in Figure 10 we have that J!T.S Kℓ = JT Kℓ⊗JS Kℓ, and by Deﬁnition 4.2, ′ ′ ′ ′ we have JΓ , x :!T.S , v : T Kℓ = JΓ Kℓ, x : JT Kℓ ⊗ JS Kℓ, v : JT Kℓ, and we conclude this case by applying Lemma C.3.

0 3. Γ1, Γ2, x :! T.S ⋄ Ψ1, Φ1[Ψ2, Φ2] ⊢ST (νzy)xhyi.(P1 | P2). By inversion, this judgement is derived by a sequence of rules: the last rule applied is (T-ResD), before that (T-OutD) and (T-ParD). We have: ′+ ′+ ′+ ′+ Γi =Γi , for i ∈{1, 2}; Φj =Φj , for j ∈{1, 2}; Ψk =Ψk , for k ∈{1, 2}; S = S .

′ ′ ′ ′ ′ ′ ′ Γ ,z : T ⋄ Ψ , Ψ ⊢ST P1 Γ , x : S ⋄ Φ , Φ ⊢ST P2 1 1 2 2 1 2 T-ParD ′ ′ ′ ′ ′ ′ ′ ( ) Γ ,z : T, Γ , x : S ⋄ Ψ , Ψ , Φ , Φ ⊢ST P1 | P2 1 2 1 2 1 2 (T-OutD) ′+ ′+ 0 ′+ + ′+ ′+ ′+ ′+ Γ , Γ , x :! T.S ,y : T,z : T ⋄ Ψ , Ψ , Φ , Φ , hx, y, 0i⊢ST xhyi.(P1 | P2) 1 2 1 2 1 2 T-ResD 0 ( ) Γ1, Γ2, x :! T.S ⋄ Ψ1, Φ1[Ψ2, Φ2] ⊢ST (νzy)xhyi.(P1 | P2) By Deﬁnition C.10,

0 V LΓ1, Γ2, x :! T.S ⋄ Ψ1, Φ1[Ψ2, Φ2] ⊢ST (νzy)xhyi.(P1 | P2)M = V V x(y).(Q1 | Q2): Q1 ∈ LΓ1,z : T ⋄ Ψ1, Ψ2 ⊢ST P1M ∧ Q2 ∈ LΓ2, x : S ⋄ Φ1, Φ2 ⊢ST P2M

V By induction hypothesis, for all processes Q1 ∈ LΓ1,z : T ⋄ Ψ1, Ψ2 ⊢ST P1M , we have Q1 ⊢LL ′ JΓ1Kℓ,z : JT Kℓ. Let Q1 be an arbitrary process in this set. Also, for all processes Q2 ∈ V ′ LΓ2, x : S ⋄ Φ1, Φ2 ⊢ST P2M , we have Q2 ⊢LL JΓ2Kℓ, x : JSKℓ. Let Q2 be an arbitrary process in T- ′ ′ this set. By applying Rule ( ⊗) on Q1 and Q2 we have the following derivation: ′ ′ Q1 ⊢LL JΓ1Kℓ,z : JT Kℓ Q2 ⊢LL JΓ2Kℓ, x : JSKℓ T-⊗ ′ ′ ( ) x(z). Q1 | Q2 ⊢LL JΓ1Kℓ, JΓ2Kℓ, x : JT Kℓ ⊗ JSKℓ

By the encoding of types J·Kℓ in Figure 10, J!T.SKℓ = JT Kℓ ⊗ JSKℓ, and by Deﬁnition 4.2, we have ′ JΓ1, Γ2, x :!T.SKℓ = JΓ Kℓ, x : JΓ1Kℓ, JΓ2Kℓ, x : JT Kℓ ⊗ JSKℓ, and we conclude this case by applying Lemma C.3.

4. Γ, x : ?0T.S ⋄ Ψ, (x, y, 0) ⊢ST x(y : T ).P ′, where by inversion and Rule (T-InD) we have Γ=Γ′+, Ψ=Ψ′+, (x, y, 0), and S = S′+ as in the following derivation:

′ ′ ′ ′ Γ , x : S ,y : T ⋄ Ψ ⊢ST P T-InD ′+ 0 ′+ ′+ ′ ( ) Γ , x : ? T.S ⋄ Ψ , (x, y, 0) ⊢ST x(y : T ).P By Deﬁnition C.10, we have

′+ 0 ′+ ′+ ′ V ′ ′ ′ ′ V LΓ , x : ? T.S ⋄Ψ , (x, y, 0) ⊢ST x(y : T ).P M = x(y : T ).Q : Q ∈ LΓ , x : S ,y : T ⋄Ψ ⊢ST P M

′ ′ ′ ′ ′ ′ By induction hypothesis, Q ∈ LΓ , x : S ,y : T ⋄ Ψ ⊢ST P M implies Q ⊢LL JΓ Kℓ, x : JS Kℓ,y : JT Kℓ. Let Q′ be an arbitrary process in this set. By applying Rule (T-O) on Q′ we have:

′ ′ ′ Q ⊢LL JΓ Kℓ, x : JS Kℓ,y : JT Kℓ T-O ′ ′ ′ ( ) x(y : T ).Q ⊢LL JΓ Kℓ, x : JT Kℓ O JS Kℓ

′ ′ where by the encoding of types J·Kℓ in Figure 10 we have that J?T.S Kℓ = JT Kℓ O JS Kℓ and by ′ ′ ′ ′ Deﬁnition 4.2, we have JΓ , x : ?T.S Kℓ = JΓ Kℓ, x : JT Kℓ O JS Kℓ, and we conclude this case by applying Lemma C.3.

75 5. ecases forbranchingandselectionfollowthesamelines asthe corresponding ones in eorem 5.1, whose proof is given in §B.2, hence we omit them. ] ] 6. Γ1[x : S] ⋄ Ψ1[Ψ2(x)] ⋆ Γ2[y : T ] ⋄ Φ1[Φ2(y)] ⊢ST (νxy : S)(P1 | P2). en, by inversion we have following derivation: e ] e ee]e Γ1, x : S ⋄ Ψ1, Ψ2 ⊢ST P1 Γ2, y : T ⋄ Φ1, Φ2 ⊢ST P2 T-ParD ] ] ( ) Γ1, Γ2, x : S, y : T ⋄ Ψ1, Ψ2, Φ1, Φ2 ⊢ST P1 | P2 T-ResD ] ] ( ) Γ1[x : S] ⋄ Ψ1[Ψ2(x)] ⋆ Γ2[y : T ] ⋄ Φ1[Φ2(y)] ⊢ST (νxy : S)(P1 | P2)

such that T , S. e e ee e By Deﬁnition C.10, we have e e ] ] V LΓ1[x : S] ⋄ Ψ1[Ψ2(x)] ⋆ Γ2[y : T ] ⋄ Φ1[Φ2(y)] ⊢ST (νxy : S)(P1 | P2)M is the set of processes e e e e ee Φ2(x) ] V C1[Q1] | G2 : G2 ∈ h|Γ2|i , C1 ∈C ,Q1 ∈ LΓ1, x : S ⋄ Ψ1, Ψ2 ⊢ST P1M (45) Φ1 ]x:T |]y:S

Ψ2(ye) ] V ∪ G1 | C2[Q2]: G1 ∈ h|Γ1|i , C2 ∈C ,Q2 ∈ LΓ2, y : T ⋄ Φ1, Φ2 ⊢ST P2M (46) Ψ1 ]y:S |]x:T We start by inspecting the set given by (45). By induction hypothesis on the le-hand side premise of Rule (T-ParD) we have: ] ^ Q1 ∈ LΓ1, x : S ⋄ Ψ1, Ψ2 ⊢ST P1M implies Q1 ⊢LL JΓ1Kℓ, x : JSKℓ ′ ′ Let Q1 be an arbitrary process in this set. By Lemma C.2 we have that C1[Q1] ⊢LL JΓ1Kℓ. LL By Lemma C.1(b), since G2 ∈ h|Γ2|iΦ1 ,Φ2 , we have that G2 ⊢ JΓ2Kℓ. Since Γ1 and Γ2 are disjoint, by Rule (T-mix) we have the following derivation, which concludes this case: ′ C1[Q ] ⊢LL JΓ1Kℓ G2 ⊢LL JΓ2Kℓ T-mix ′ ( ) C1[Q ] | G2 ⊢LL JΓ1Kℓ, JΓ2Kℓ e proof for the set given by (46) follows the same line as the proof for (45), so we omit the details here. We thus conclude that every process belonging to the set in (45) or(46) is typed under the typing context JΓ1Kℓ, JΓ2Kℓ, concluding this case.

V eorem C.2 (Operational Correspondence for L · M ). Let P be such that Γ ⋄ Ψ ⊢ST P for some Γ, Ψ. en we have: V If P → P ′, then for all Q ∈ LΓ ⋄ Ψ ⊢ST P M there exist Q′, R such that Q →֒→ Q′, Q′ + R, and .1 V R ∈ LΓ ⋄ Ψ ⊢ST P ′M V ,′ If Q ∈ LΓ ⋄ Ψ ⊢ST P M , such that P ∈ K, and Q →֒→ Q′, then there exist P ′, R such that P → P .2 V Q′ + R, and R ∈ LΓ ⋄ Ψ ⊢ST P ′M . Proof. By induction on the length of the derivations (P → P ′ and Q → Q′), following the structure of the corresponding proof for L·M (cf. eorem 5.2 and §B.3).