Godel¨ Logic: from Natural Deduction to Parallel Computation

Federico Aschieri Agata Ciabattoni Francesco A. Genco Institute of Discrete Mathematics and Geometry Theory and Logic Group Theory and Logic Group TU Wien, Austria TU Wien, Austria TU Wien, Austria

Abstract—Propositional Godel¨ logic G extends intuition- All approaches explored so far to provide a precise formal- istic logic with the non-constructive principle of linearity ization of G as a logic for parallelism, either sacrificed analyt- (A → B) ∨ (B → A). We introduce a Curry–Howard correspon- icity [1] or tried to devise forms of natural deduction whose dence for G and show that a simple natural deduction calculus can be used as a typing system. The resulting functional language structures mirror hypersequents – which are sequents operating extends the simply typed λ-calculus via a synchronous commu- in parallel [4]. Hypersequents were indeed successfully used nication mechanism between parallel processes, which increases in [3] to define an analytic calculus for G and were intuitively its expressive power. The normalization proof employs original connected to parallel computations: the key rule introduced by termination arguments and proof transformations implementing Avron to capture the linearity axiom – called communication – forms of code mobility. Our results provide a computational interpretation of G, thus proving A. Avron’s 1991 thesis. enables sequents to exchange their information and hence to “communicate”. The first analytic natural deduction calculus I.INTRODUCTION proposed for G [5] uses indeed parallel intuitionistic derivations joined together by the hypersequent separator. Normalization Logical proofs are static. Computations are dynamic. It is a is obtained there only by translation into Avron’s calculus: striking discovery that the two coincide: formulas correspond to no reduction rules for deductions and no corresponding λ- types in a programming language, logical proofs to programs of calculus were provided. The former task was carried out in the corresponding types and removing detours from proofs to [6], that contains a propositional hyper natural deduction with evaluation of programs. This correspondence, known as Curry– a normalization procedure. The definition of a corresponding Howard isomorphism, was first discovered for constructive λ-calculus and Curry–Howard correspondence are left as an proofs, and in particular for intuitionistic natural deduction and open problem, which might have a complex solution due to typed λ-calculus [20] and later extended to classical proofs, the elaborated structure of hyper deductions. Another attempt despite their use of non-constructive principles, such as the along the “hyper line” has been made in [19]. However, not excluded middle [18], [2] or reductio ad absurdum [17], [30]. only the proposed proof system is not shown to be analytic, but Nowadays various different logics (linear [8], modal [28] ...) the associated λ-calculus is not a Curry–Howard isomorphism: have been related to many different notions of computation; the computation rules of the λ-calculus are not related to proof the list is long, and we refer the reader to [34]. transformations, i.e. Subject Reduction does not hold.

Godel¨ logic, Avron’s conjecture and previous attempts λG: Our Curry–Howard Interpretation of Godel¨ Logic We introduce a natural deduction and a Curry–Howard Twenty-five years have gone by since Avron conjectured in correspondence for propositional G. We add to the λ-calculus [3] that Godel¨ logic G [16] – one of the most useful and inter- an operator that, from the programming viewpoint, represents esting logics intermediate between intuitionistic and classical parallel computations and communications between them; from arXiv:1607.05120v4 [cs.LO] 18 Jun 2017 logic – might provide a basis for parallel λ-calculi. Despite the logical viewpoint, the linearity axiom; and from the proof the interest of the conjecture and despite various attempts, theory viewpoint, the hypersequent separator among sequents. no Curry–Howard correspondence has so far been provided We call the resulting calculus λ : parallel λ-calculus for G. λ for G. The main obstacle has been the lack of an adequate G G relates to the natural deduction NG for G as typed λ-calculus natural deduction calculus. Well designed natural deduction relates to the natural deduction NJ for intuitionistic logic IL: inferences can indeed be naturally interpreted as program instructions, in particular as typed λ-terms. Normalization [32], IL NJ λ which corresponds to the execution of the resulting programs, Soundness and Curry–Howard can then be used to obtain proofs only containing formulas that Completeness correspondence are subformulas of some of the hypotheses or of the conclusion. G NG λG However the problem of finding a natural deduction for G with this property, called analyticity, looked hopeless for decades. We prove: the perfect match between computation steps and proof reductions in the Subject Reduction Theorem; the Supported by FWF: grants M 1930–N35, Y544-N2, and W1255-N23. Normalization Theorem, by providing a terminating reduction strategy for λG; the Subformula Property, as corollary. The handling the bindings between code fragments and their expressive power of λG is illustrated through examples of computational environments. Cross reductions also improve programs and connections with the π-calculus [26], [33]. the efficiency of programs by facilitating partial evaluation of The natural deduction calculus NG that we use as type sys- open processes (see Example VII.4). tem for λG is particularly simple: it extends NJ with the (com) rule (its typed version is displayed below), which was first II.PRELIMINARIESON GODELLOGIC¨ considered in [24] to define a natural deduction calculus for G, Also known as Godel–Dummett¨ logic [12], Godel¨ logic G but with no normalization procedure. The calculus NG follows naturally turns up in a number of different contexts; among the basic principle of natural deduction that new axioms require them, due to the natural interpretation of its connectives as new computational reductions; this contrasts with the basic functions over the real interval [0, 1], G is one of the best principle of sequent calculus employed in the “hyper approach”, known ‘fuzzy logics’, e.g. [25]. that new axioms require new deduction structures. Hence we keep the calculus simple and deal with the complexity of the Although propositional G is obtained by adding the linearity hypersequent structure at the operational side. Consequently, the axiom (lin)(A → B) ∨ (B → A) to any proof calculus programs corresponding to NG proofs maintain the syntactical for intuitionistic logic, analytic calculi for G have only been simplicity of λ-calculus. The normalization procedure for NG defined in formalisms extending the sequent calculus. Among extends Prawitz’s method with ideas inspired by hypersequent them, arguably, the hypersequent calculus in [3] is the most cut-elimination, by normalization in classical logic [2] and by successful one, see, e.g., [25]. In general a hypersequent calcu- the embedding in [10] between hypersequents and systems of lus is defined by incorporating a sequent calculus (Gentzen’s rules [29]; the latter shows that (com) reformulates Avron’s LJ, in case of G) as a sub-calculus and allowing sequents to communication rule. live in the context of finite multisets of sequents. The inference rules of NG are decorated with λG-terms, Definition II.1. A hypersequent is a multiset of sequents, so that we can directly read proofs as typed programs. The written as Γ1 ⇒ Π1 | ... | Γn ⇒ Πn where, for all i = decoration of the NJ inferences is standard and the typed 1, . . . n, Γi ⇒ Πi is an ordinary sequent. version of (com) is The symbol “|” is a meta-level disjunction; this is reflected [aA→B : A → B] [aB→A : B → A] . . by the presence in the calculus of the external structural rules . . of weakening and contraction, operating on whole sequents, u : C v : C com rather than on formulas. The hypersequent design opens the u ka v : C possibility of defining new rules that allow the “exchange of Inspired by [1], we use the variable a to represent a private information” between different sequents. It is this type of rules communication channel between the processes u and v. The which increases the expressive power of hypersequent calculi compared to sequent calculi. The additional rule employed in computational reductions associated to ka – cross reductions – enjoy a natural interpretation in terms of higher-order process Avron’s calculus for G [3] is the so called communication rule, passing, a feature which is not directly rendered through below presented in a slightly reformulated version (as usual G communication by reference [31] and is also present in higher- stands for a possibly empty hypersequent): order π-calculus [33]. Nonetheless cross reductions handle G | Γ1,B ⇒ CG | Γ2,A ⇒ D more subtle migration issues. In particular, a cross reduction G | Γ ,A ⇒ C | Γ ,B ⇒ D can be activated whenever a communication channel a is ready 1 2 to transfer information between two parallel processes: III.NATURAL DEDUCTION C[a u] ka D[a v] Here C is a process containing a fragment of code u, and D The very first step in the design of a Curry–Howard corre- is a process containing a fragment of code v. Moreover, C has spondence is to lay a solid logical foundation. No architectural to send u through the channel a to D, which in turn needs mistake is allowed at this stage: the natural deduction must to send v through a to C. In general we cannot simply send be structurally simple and the reduction rules as elementary the programs u and v: some resources in the computational as possible. We present such a natural deduction system NG environment that are used by u and v may become inaccessible for Godel¨ logic. NG extends Gentzen’s propositional natural from the new locations [14]. Cross reductions solve the problem deduction NJ (see [32]) with a rule accounting for axiom (lin). by exchanging the location of u and v and creating a new We describe the reduction rules for transforming every NG communication channel for their resources. Technically, the deduction into an analytic one and present the ideas behind channel takes care of closures – the contexts containing the the Normalization Theorem, which is proved in the λ-calculus definitions of the variables used in a function’s body [23]. framework in Section VI. NG is the natural deduction version of the sequent calculus Several programming languages such as JavaScript, Ruby or with systems of rules in [29]; the latter embeds (into) Avron’s Swift provide mechanisms to support and handle closures. In hypersequent calculus for G. Indeed [10] introduces a mapping our case, they are the basis of a process migration mechanism from (and into) derivations in Avron’s calculus into (and from) derivations in the LJ sequent calculus for intuitionistic logic A. Reduction Rules and Normalization with the addition of the system of rules A normal deduction in NG should have two essential B, Γ1 ⇒ C A, Γ2 ⇒ D features: every intuitionistic Prawitz-style reduction should (com1) (com2) A, Γ1 ⇒ C B, Γ2 ⇒ D have been carried out and the Subformula Property should . . . . hold. Due to the (com) rule, the former is not always enough Γ ⇒ Π Γ ⇒ Π to guarantee the latter. Here we present the main ideas behind (comend) Γ ⇒ Π the normalization procedure for NG and the needed reduction rules. The computational interpretation of the rules will be where (com1), (com2) can only be applied (possibly many times) above respectively the left and right premise of (comend). carried out through the λG calculus in Section IV. The above system, that reformulates Avron’s communication The main steps of the normalization procedure are as follows: rule, immediately translates into the natural deduction rule • We permute down all applications of (com). below, whose addition to NJ leads to a natural deduction calculus for G The resulting deduction – we call it in parallel form – . . consists of purely intuitionistic subderivations joined together . . B A by consecutive (com) inferences occurring immediately above coml comr A B the root. This transformation is a key tool in the embedding . . . . between hypersequents and systems of rules [10]. The needed C C com reductions are instances of Prawitz-style permutations for ∨ C elimination. Their list can be obtained by translating into natural deduction the permutations in Fig. 1. Not all the branches of a derivation containing the above rule Once obtained a parallel form, we interleave the following are NJ derivations. To avoid that, and to keep the proof of two steps. the Subformula Property (Theorem V.4) as simple as possible, we use the equivalent rule below, first considered in [24]. • We apply the standard intuitionistic reductions ([32]) to the parallel branches of the derivation. Definition III.1 (NG). The natural deduction calculus NG This way we normalize each single intuitionistic derivation, and extends NJ with the (com) rule: this can be done in parallel. The resulting derivation, however, [A → B] [B → A] need not satisfy yet the Subformula Property. Intuitively, the . . . . problem is that communications may discharge hypotheses that . . have nothing to do with their conclusion. C C com C • We apply specific reductions to replace the (com) appli- cations that violate the Subformula Property. Let ` and ` indicate the derivability relations in NG NG G These reductions – called cross reductions – account for the and in NJ + (lin), respectively. hypersequent cut-elimination. They allow to get rid of the new Theorem III.1 (Soundness and Completeness). For any set Π detours that appear in configurations like the one below on of formulas and formula A, Π `NG A if and only if Π `G A. the left. To remove these detours, a first idea would be to simultaneously move the deduction D to the right and D to Proof. 1 2 (⇒) Applications of (com) can be simulated by ∨ the left thus obtaining the derivation below right: eliminations having as major premiss an instance of (lin).(⇐) Easily follows by the following derivation: D1 D2 A com B com D2 D1 [A → B]1 [B → A]1 B l A r B A . . . . (A → B) ∨ (B → A) (A → B) ∨ (B → A) . . . . com1 (A → B) ∨ (B → A) C C com C C C C In fact, in the context of Krivine’s realizability, Danos and Notation. To shorten derivations henceforth we will use Krivine [9] studied the linearity axiom as a theorem of A B classical logic and discovered that its realizers implement a coml comr as abbreviations for B A restricted version of this transformation. Their transformation does not lead however to the subformula property for NG. The [A → B] A [B → A] B unrestricted transformation above, on the other hand, cannot B A work; indeed D1 might contain the hypothesis A → B and respectively, and call them communication inferences. hence it cannot be moved on the right. Even worse, D1 may As usual, we will use ¬A and > as shorthand for A → ⊥ depend on hypotheses that are locally opened, but discharged and ⊥ → ⊥. Moreover, we exploit the equivalence of A ∨ B below B but above C. Again, it is not possible to move D1 on and ((A → B) → B) ∧ ((B → A) → A) in G (see [12]) the right as naively thought, otherwise new global hypotheses and treat ∨ as a defined connective. would be created. [aA→B : A → B] [aB→A : B → A] We overcome these barriers by our cross reductions. Let . . . . us highlight Γ and ∆, the hypotheses of D1 and D2 that Linearity Axiom . . u : C v : C are respectively discharged below B and A but above the u ka v : C application of (com). Assume moreover, that A → B does Γ ` u : ⊥ Ex Falso Quodlibet with P atomic, P 6= ⊥. not occur in D1 and B → A does not occur in D2 as Γ ` efqP (u): P hypotheses discharged by (com). A cross reduction transforms The table above defines a type assignment for λG-terms, the deduction below left into the deduction below right (if called proof terms and denoted by t, u, v . . . , which is (com) in the original proof discharges in each branch exactly isomorphic to NG. The typing rules for axioms, implication, one occurrence of the hypotheses, and Γ and ∆ are formulas) conjunction and ex-falso-quodlibet are standard and give rise ∆ Γ to the simply typed λ-calculus, while parallelism is introduced Γ ∆ coml comr Γ ∆ by the rule for the linearity axiom. D1 D2 A A A A B D1 D2 Proof terms may contain variables x0 , x1 , x2 ,... of type coml comr A A B. A. A. B. A for every formula A; these variables are denoted as x , y , . . . . A A A A . . . . z , . . . , a , b , c and whenever the type is not important simply as x, y, z, . . . , a, b. For clarity, the variables introduced C C com C C com C C by the (com) rule will be often denoted with letters a, b, c, . . ., but they are not in a syntactic category apart. A variable xA that and into the following deduction, in the general case occurs in a term of the form λxAu is called λ-variable and a a u k v Γ ∆ Γ ∆ variable that occurs in a term a is called communication com3 com3 D Γ l ∆ r D variable and represents a private communication channel 1 2 between the parallel processes u and v. A 1 D1 D2 B 2 coml comr The free and bound variables of a proof term are defined as B. A. B. A. . . . . usual and for the new term u ka v, all the free occurrences of . . . . C C C C a in u and v are bound in u ka v. In the following we assume com1 com2 the standard renaming rules and alpha equivalences that are C C 3 C com used to avoid capture of variables in the reduction rules. Notation. The connective → associates to the right and by where the double bar notation stands for an application of ht , t , . . . , t i we denote the term ht , ht ,... ht , t i ...ii (com) between sets of hypotheses Γ and ∆, which means to 1 2 n 1 2 n−1 n and by π , for i = 0, . . . , n, the sequence of projections prove from Γ the conjunction of the formulas of Γ, then to i π . . . π π selecting the (i + 1)th element of the sequence. prove the conjunction of the formulas of ∆ by means of a 1 1 0 Therefore, for every formula sequence A ,...,A the expres- communication inference and finally obtain each formula of 1 n sion A ∧ ... ∧ A denotes (A ∧ (A ∧ ... (A ∧ A ) ... )) ∆ by a series of ∧ eliminations, and vice versa. 1 n 1 2 n−1 n or > if n = 0. Mindless applications of the cross reductions might lead to Often, when Γ = x : A , . . . , x : A and the list dangerous loops, see e.g. Example IV.2. To avoid them we will 1 1 n n x , . . . , x includes all the free variables of a proof term t : A, allow cross reductions to be performed only when the proof is 1 n we shall write Γ ` t : A. From the logical point of view, not analytic. Thanks to this and to other restrictions, we will t represents a natural deduction of A from the hypotheses prove termination and thus the Normalization Theorem. A1,...,An. We shall write G ` t : A whenever ` t : A, and the notation means provability of A in propositional Godel¨ IV. THE λ -CALCULUS G logic. If the symbol k does not occur in it, then t is a simply We introduce λG, our parallel λ-calculus for G. λG extends typed λ-term representing an intuitionistic deduction. the standard Curry–Howard correspondence [34] for intuition- We define as usual the notion of context C[] as the part istic natural deduction with a parallel operator that interprets of a proof term that surrounds a hole, represented by some the inference for the linearity axiom. We describe λG-terms fixed variable. In the expression C[u] we denote a particular and their computational behavior, proving as main result of occurrence of a subterm u in the whole term C[u]. We shall the section the Subject Reduction Theorem, stating that the just need those particularly simple contexts which happen to reduction rules preserve the type. be simply typed λ-terms. A Axioms x : A Definition IV.1 (Simple Contexts). A simple context C[] is u : A t : B u : A ∧ B u : A ∧ B Conjunction hu, ti : A ∧ B u π0 : A u π1 : B a simply typed λ-term with some fixed variable [] occurring exactly once. For any proof term u of the same type of [], C[u] [xA : A] . denotes the term obtained replacing [] with u in C[], without . t : A → B u : A Implication . renaming of any bound variable. u : B tu : B λxAu : A → B As an example, the expression C[ ] := λx z ([]) is a simple context and the term λx z (x z) can be written as C[xz]. We define below the notion of stack, corresponding to appear. Hence, if the prime factors of the types B and C are Krivine stack [21] and known as continuation because it not subformulas of A1,...,An,A, then these prime factors embodies a series of tasks that wait to be carried out. A should be taken into account in the complexity measure we stack represents, from the logical perspective, a series of are looking for. The actual definition is the following. elimination rules; from the λ-calculus perspective, a series Definition IV.6 (Communication Complexity). Let u ka v : A of either operations or arguments. A1 An a proof term with free variables x1 , . . . , xn . Assume that Definition IV.2 (Stack). A stack is a sequence aB→C occurs in u and thus aC→B in v. σ = σ1σ2 . . . σn such that for every 1 ≤ i ≤ n, exactly one • The pair B,C is called the communication kind of a. of the following holds: either σi = t, with t proof term or • The communication complexity of a is the maximum σi = πj, with j ∈ {0, 1}. We will denote the empty sequence among 0 and the numbers of symbols of the prime factors with  and with ξ, ξ0,... the stacks of length 1. If t is a proof of B or C that are neither proper subformulas of A nor term, as usual t σ denotes the term (((t σ1) σ2) . . . σn). strong subformulas of one among A1,...,An. We define now the notion of strong subformula, which is We explain now the basic reduction rules for the proof terms essential for defining the reduction rules of the λG-calculus of λG, which are given in Figure 1. As usual, we also have the and for proving Normalization. The technical motivations will reduction scheme: E[t] 7→ E[u], whenever t 7→ u and for any become clear in Sections V and VI, but the intuition is that the context E. With 7→∗ we shall denote the reflexive and transitive new types created by cross reductions must be always strong closure of the one-step reduction 7→. subformulas of already existing types. To define the concept Intuitionistic Reductions. These are the very familiar com- of strong subformula we also need the following definition. putational rules for the simply typed λ-calculus, representing the operations of applying a function and taking a component Definition IV.3 (Prime Formulas and Factors [22]). A formula of a pair [15]. From the logical point of view, they are the is said to be prime if it is not a conjunction. Every formula is standard Prawitz reductions [32] for NJ. a conjunction of prime formulas, called prime factors. Cross Reductions. The reduction rules for (com) model Definition IV.4 (Strong Subformula). B is said to be a strong a communication mechanism between parallel processes. In subformula of a formula A, if B is a proper subformula of order to apply a cross reduction to a term some prime proper subformula of A. C[a u] ka D[a v] Note that in the present context, prime formulas are either several conditions have to be met. These conditions are both atomic formulas or arrow formulas, so a strong subformula of natural and needed for the termination of computations. A must be actually a proper subformula of an arrow proper First, we require the communication complexity of a to be subformula of A. The following characterization of the strong greater than 0; again, this is a warning that the Subformula subformula relation will be often used. Property does not hold. Here we use a logical property as Proposition IV.1 (Characterization of Strong Subformulas). a computational criterion for answering the question: when Suppose B is any strong subformula of A. Then: should computation stop? An answer is crucial here, because, as shown in Example IV.2, unrestricted cross reductions do • If A = A1 ∧ ... ∧ An, with n > 0 and A1,...,An are prime, then B is a proper subformula of one among not always terminate. In λ-calculi the Subformula Property fares pretty well as a stopping criterion. In a sense, it detects A1,...,An. all the essential operations that really have to be done. For • If A = C → D, then B is a proper subformula of a prime factor of C or D. example, in simply typed λ-calculus, a closed term that has the Subformula Property must be a value, that is, of the form Proof. See the Appendix. λx u, or hu, vi. Indeed a closed term which is a not a value, must be of the form h σ, for some stack σ (see Definition Definition IV.5 (Multiple Substitution). Let u be a proof term, IV.2), where h is a redex (λy u)t or hu, vi πi; but (λy u) and x = xA0 , . . . , xAn a sequence of variables and v : A ∧...∧A . 0 n 0 n hu, vi would have a more complex type than the type of the The substitution uv/x := u[v π /xA0 . . . v π /xAn ] replaces 0 0 n n whole term, contradicting the Subformula Property. each variable xAi of any term u with the ith projection of v. i Second, we require C[a u], D[a v] to be normal simply typed λ- We now seek a measure for determining how complex the terms. Simply typed λ-terms, because they are easier to execute communication channel a of a term u ka v is. Logic will be in parallel; normal, because we want their computations to go our guide. First, it makes sense to consider the types B,C on until they are really stuck and communication is unavoidable. such that a occurs with type B → C in u and thus with type Third, we require the variable a to be as rightmost as possible C → B in v. Moreover, assume u ka v has type A and its free and that is needed for logical soundness: how could otherwise A1 An variables are x1 , . . . , xn . The Subformula Property tells us the term u be moved to the right, e.g., if it contains a? that, no matter what our notion of computation will turn out Assuming that all the conditions above are satisfied, we can to be, when the computation is done, no object of type more now start to explain the cross reduction bhzi/y bhyi/z complex than the types of the inputs and the output should C[a u] ka D[a v] 7→ (D[u ] ka C[a u]) kb (C[v ] ka D[a v]) Here, the communication channel a has been activated, because C[a u] and D[a v] are cloned, because their code fragments the processes C and D are synchronized and ready to transfer can be needed again. Thus a behaves as a replicated input respectively u and v. The parallel operator ka let the two and replicated output channel. E.g., in [8], replicated input is occurrences of a communicate: the term u travels to the right in order to replace a v and v travels to the left in order to coded by the bang operator of linear logic: replace a u. If u and v were data, like numbers or constants, xhyi.Q | !x(z).P 7→ Q | P [y/z] | !x(z).P everything would be simple and they could be sent as they are; but in general, this is not possible. The problem is that With symmetrical message passing and a “!” also in front of the free variables y of u which are bound in C[a u] by some λ xhyi.Q, one would obtain a version of our cross reduction. cannot be permitted to become free; otherwise, the connection between the binders λ y and the occurrences of the variables Finally, as detailed in Ex. VII.2, whenever u and v are closed y would be lost and they could be no more replaced by actual terms the cross reduction is simpler and only maintains the values when the inputs for the λ y are available. Symmetrically, first two of the four processes produced in the general case. the variables z cannot become free. For example, we could have u = u0 y and v = v0 z and Example IV.1 (ka in λG and | in the π-calculus). A private u k v π 0 0 channel a is rendered in the -calculus [26], [33] by the C[a u] = w1 (λy a (u y)) D[a v] = w2 (λz a (v z)) restriction operator ν, as νa (u | v). Recall that the π-calculus 0 0 term u | v represents two processes that run in parallel. The and the transformation w1 (λy a (u y)) ka w2 (λz a (v z)) 7→ 0 0 0 corresponding λG term he, ui ke he, vi is defined using a fresh w1 (λy v z) ka w2 (λz u y) would just be wrong: the term v z will never get back actual values for the variables z when they channel e with communication kind A, A. As no cross reduction will become available. outside u and v can be applied, the whole term reduces neither These issues are typical of process migration, and can be to he, ui nor to he, vi, so that u and v can run in parallel. solved by the concepts of code mobility [14] and closure [23]. Example IV.2. Let y and z be bound variables occurring in the Informally, code mobility is defined as the capability to normal terms C[a y] and D[a z]. Without the condition on the dynamically change the bindings between code fragments and communication complexity c of a, a loop could be generated: bhzi/y bhyi/z the locations where they are executed. Indeed, in order to be C[a y] ka D[a z] 7→ (D[y ] ka C[a y]) kb (C[z ] ka D[a z]) executed, a piece of code needs a computational environment ∗ = (D[b z] ka C[a y]) kb (C[b y] ka D[a z]) 7→ D[b z] kb C[b y] and its resources, like data, program counters or global variables. In our case the contexts C[] and D[] are the computational In Sec. VI we show that if c > 0, this reduction sequence would environments or closures of the processes u and v and the terminate. What is then happening here? Intuitively, C[a y] and variables y, z are the resources they need. Now, moving a D[a z] are normal simply typed λ-terms, which forces c = 0. process outside its environment always requires extreme care: Permutation Reductions. They regulate the interaction be- the bindings between a process and the environment resources tween parallel operators and the other computational constructs. must be preserved. This is the task of the migration mechanisms, The first four reductions are the Prawitz-style permutation rules which allow a migrating process to resume correctly its [32] between parallel operators and eliminations. We also add execution in the new location. Our migration mechanism creates two other groups of reductions: three permutations between a new communication channel b between the programs that parallel operators and introductions, two permutations between have been exchanged. Here we see the code fragments u and parallel operators themselves. The first group will be needed v, with their original bindings to the global variables y and z. to rewrite any proof term into a parallel composition of simply typed λ-terms (Proposition V.3). The second group is needed to address the scope extrusion issue of private channels [26]. We point out that a parallel operator ka is allowed to commute with other parallel operators only when it is strictly necessary, that is, when the communication complexity of a is greater than 0 and thus signaling a violation of the Subformula Property.

The change of variables ubhzi/y and vbhyi/z has the effect of Example IV.3 (Scope extrusion (and π-calculus)). As exam- reconnecting u and v to their old inputs: ple of scope extrusion, let us consider the term (v ka C[b a]) kb w Here the process C[b a] wishes to send the channel a to w along the channel b, but this is not possible being the channel a private. This issue is solved in the π-calculus using the congruence νa(P | Q) | R ≡ νa(P | Q | R), provided that a does not occur in R, condition that can always be satisfied by α-conversion. Godel¨ logic offers and actually forces a different solution, In this way, when they will become available, the data y will be which is not just permuting w inward but also duplicating it: sent to u and the data z will be sent to v through the channel b. Note that in the result of the cross reduction the processes (v ka C[b a]) kb w 7→ (v kb w) ka (C[b a] kb w) After this reduction C[b a] can send a to w. If a does not occur V. THE SUBFORMULA PROPERTY in v, we have a further simplification step: We show that normal λG-terms satisfy the important Subfor- mula Property (Theorem V.4). This, in turn, implies that our (v kb w) ka (C[b a] kb w) 7→ v ka (C[b a] kb w) Curry–Howard correspondence for λG is meaningful from the logical perspective and produces analytic NG proofs. π obtaining associativity of composition as in -calculus. How- We start by establishing an elementary property of simply b v ever, if occurs in , this last reduction step is not possible typed λ-terms, which will turn out to be crucial for our w and we keep both copies of . It is indeed natural to allow normalization proof. It ensures that every bound hypothesis v C[b a] w both and to communicate with . appearing in a normal intuitionistic proof is a strong subformula Everything works as expected: the reductions steps in of one the premises or a proper subformula of the conclusion. Fig. 1 preserve the type at the level of proof terms, i.e., they This property sheds light on the complexity of cross reductions, correspond to logically sound proof transformations. Indeed because it implies that the new formulas introduced by these operations are always smaller than the local premises. Theorem IV.2 (Subject Reduction). If t : A and t 7→ u, then u : A and all the free variables of u appear among those of t. Proposition V.1 (Bound Hypothesis Property). Suppose

A1 An Proof. It is enough to prove the theorem for basic reductions: x1 , . . . , xn ` t : A if t : A and t 7→ u, then u : A. The proof that the intuitionistic reductions and the permutation rules preserve t ∈ NF is a simply typed λ-term and z : B a variable occurring the type is completely standard (full proof in the Appendix). bound in t. Then one of the following holds: Cross reductions require straightforward considerations as well. Indeed suppose 1) B is a proper subformula of a prime factor of A. 2) B is a strong subformula of one among A1,...,An. A→B B→A C[a u] ka D[a v] Proof. By induction on t. See the Appendix. 7→ D→C C→D b hzi/y A→B b hyi/z B→A The next proposition says that each occurrence of any (D[u ] k C[a u]) k (C[v ] k D[a v]) a b a hypothesis of a normal intuitionistic proof must be followed by an elimination rule, whenever the hypothesis is neither ⊥ Since hyi : C := C0 ∧ ... ∧ Cn and hzi : D := D→C C→D nor a subformula of the conclusion nor a proper subformula D0 ∧ ... ∧ Dm, b hzi and b hyi are correct terms. D→C C→D of some other premise. Therefore ub hzi/y and vb hyi/z, by Definition IV.5, C0 Cn are correct as well. The assumptions are that y = y0 , . . . , yn Proposition V.2. Let t ∈ NF be a simply typed λ-term and is the sequence of the free variables of u which are bound A1 An B A→B D0 Dm x , . . . , xn , z ` t : A in C[a u], z = z0 , . . . , zm is the sequence of the free 1 B→A variables of v which are bound in D[a v], a does not occur One of the following holds: neither in u nor in v and b is fresh. Therefore, by construction B B D→C 1) Every occurrence of z in t is of the form z ξ for some all the variables z are bound in D[ub hzi/y] and all the C→D proof term or projection ξ. variables y are bound in C[vb hyi/z]. Hence, no new free 2) B = ⊥ or B is a subformula of A or a proper subformula variable is created. of one among the formulas A1,...,An. Proof. Easy structural induction on the term. See the Appendix. Definition IV.7 (Normal Forms and Normalizable Terms).

• A redex is a term u such that u 7→ v for some v and Proposition V.3 (Parallel Normal Form Property). If t ∈ NF basic reduction of Figure 1. A term t is called a normal is a λ -term, then it is in parallel form. form or, simply, normal, if there is no t0 such that t 7→ t0. G We define NF to be the set of normal λG-terms. Proof. Easy structural induction on t using the permutation • A sequence, finite or infinite, of proof terms reductions. See the Appendix. u1, u2, . . . , un,... is said to be a reduction of t, if t = u1, and for all i, ui 7→ ui+1. A proof term u of We finally prove the Subformula Property: a normal proof λG is normalizable if there is a finite reduction of u does not contain concepts that do not already appear in the whose last term is a normal form. premises or in the conclusion. Definition IV.8 (Parallel Form). A term t is a parallel form Theorem V.4 (Subformula Property). Suppose whenever, removing the parentheses, it can be written as A1 An x1 , . . . , xn ` t : A and t ∈ NF. Then :

t = t1 ka1 t2 ka2 ... kan tn+1 1) For each communication variable a occurring bound in t and with communication kind B,C, the prime factors where each ti, for 1 ≤ i ≤ n + 1, is a simply typed λ-term. of B and C are proper subformulas of A1,...,An,A. A A Intuitionistic Reductions (λx u)t 7→ u[t/x ] and hu0, u1i πi 7→ ui, for i = 0, 1

Permutation Reductions (u ka v)w 7→ uw ka vw, if a does not occur free in w

w(u ka v) 7→ wu ka wv, if a does not occur free in w

efqP (w1 ka w2) 7→ efqP (w1) ka efqP (w2)

(u ka v) πi 7→ u πi ka v πi

A A A λx (u ka v) 7→ λx u ka λx v

hu ka v, wi 7→ hu, wi ka hv, wi, if a does not occur free in w

hw, u ka vi 7→ hw, ui ka hw, vi, if a does not occur free in w

(u ka v) kb w 7→ (u kb w) ka (v kb w), if the communication complexity of b is greater than 0

w kb (u ka v) 7→ (w kb u) ka (w kb v), if the communication complexity of b is greater than 0

Cross Reductions u ka v 7→ u, if a does not occur in u and u ka v 7→ v, if a does not occur in v

C→D D→C A→B B→A b hzi/y A→B b hyi/z B→A C[a u] ka D[a v] 7→ (D[u ] ka C[a u]) kb (C[v ] ka D[a v]) where C[a u], D[a v] are normal simply typed λ-terms and C, D simple contexts; y is the sequence of the free variables of u which are bound in C[a u]; z is the sequence of the free variables of v which are bound in D[a v]; C and D are the conjunctions of the types of the variables in z and y, respectively; the displayed occurrences of a are the rightmost both in C[a u] and in D[a v]; b is fresh; and the communication complexity of a is greater than 0

Fig. 1. Basic Reduction Rules for λG

2) The type of any subterm of t which is not a bound commu- subformula or a conjunction of subformulas of the formulas nication variable is either a subformula or a conjunction A1,...,An,C → D,D → C and thus of A1,...,An,A. of subformulas of the formulas A1,...,An,A. Remark V.1. Our statement of the Subformula Property is Proof. We proceed by induction on t. By Proposition V.3 slightly different from the usual one. However the latter can t = t1 ka1 t2 ka2 ... kan tn+1 and each ti, for 1 ≤ i ≤ n + 1, be easily recovered using the communication rule (comend) is a simply typed λ-term. We only show the case t = u1 kb u2. of Section III and additional reduction rules. As the resulting Let C,D be the communication kind of b, we first show that the derivations would be isomorphic but more complicated, we communication complexity of b is 0. We reason by contradiction prefer the current statement. and assume that it is greater than 0. u1 and u2 are either simply typed λ-terms or of the form v kc w. The second case is not VI.THE NORMALIZATION THEOREM possible, otherwise a permutation reduction could be applied Our goal is to prove the Normalization Theorem for λG: to t ∈ NF. Thus u1 and u2 are simply typed λ-terms. Since every proof term of λG reduces in a finite number of steps to the communication complexity of b is greater than 0, the types a normal form. By Subject Reduction, this implies that NG C → D and D → C are not subformulas of A1,...,An,A. proofs normalize. We shall define a reduction strategy for terms C→D By Prop. V.2, every occurrence of b in u1 is of the form of λG: a recipe for selecting, in any given term, the subterm C→D D→C b v and every occurrence of b in u2 is of the form to which apply one of our basic reductions. We remark that D→C b w. Hence, we can write the permutations between communications have been adopted u = C[bC→Dv] u = D[bD→C w] to simplify the normalization proof, but at the same time, 1 2 they undermine strong normalization, because they enable where C, D are simple contexts and b is rightmost. Hence silly loops, like in cut-elimination for sequent calculi. Further a cross reduction of t can be performed, which contradicts restrictions of the permutations might be enough to prove the fact that t ∈ NF. Since we have established that the strong normalization, but we leave this as an open problem. communication complexity of b is 0, the prime factors of The idea behind our normalization strategy is to employ a C and D must be proper subformulas of A1,...,An,A. Now, suitable complexity measure for terms u ka v and, each time a by induction hypothesis applied to u1 : A and u2 : A, for reduction has to be performed, to choose the term of maximal each communication variable aF →G occurring bound in t, complexity. Since cross reductions can be applied as long as the prime factors of F and G are proper subformulas of the there is a violation of the Subformula Property, the natural formulas A1,...,An, A, C → D,D → C and thus of the approach is to define the complexity measure as a function of formulas A1,...,An,A; moreover, the type of any subterm some fixed set of formulas, representing the formulas that can of u1 or u2 which is not a communication variable is either a be safely used without violating the Subformula Property. Definition VI.1 (Complexity of Parallel Terms). Let A be a 2) If t is a simply typed λ-term, it is normalized and 0 finite set of formulas. The A-complexity of the term u ka v returned. If t = u ka v is not a redex, then let N (u) = u 0 0 0 is the sequence (c, d, l, o) of natural numbers, where: and N (v) = v . If u ka v is normal, it is returned. 0 0 1) if the communication kind of a is B,C, then c is the Otherwise, N (u ka v ) is recursively executed. maximum among 0 and the number of symbols of the 3) If t is a redex, we select the smallest subterm w of prime factors of B or C that are not subformulas of t having maximal A-communication-complexity r.A some formula in A; sequence of terms is produced 2) d is the number of occurrences of k in u and v; w w w ... w 3) l is the sum of the lengths of the intuitionistic reductions 1 2 n of u and v to reach intuitionistic normal form; such that wn has A-communication-complexity strictly 4) o is the number of occurrences of a in u and v. 0 smaller than r. We substitute wn for w in t obtaining t 0 The A-communication-complexity of u ka v is c. and recursively execute N (t ). For clarity, we define the recursive normalization algorithm We observe that in the step 2 of the algorithm N , by that represents the constructive content of the proofs of construction u ka v is not a redex. After u and v are normalized 0 0 0 0 Prop. VI.1 and VI.3, which are used to prove the Normalization respectively to u and v , it can still be the case that u ka v Theorem. Essentially, our master reduction strategy consists in is not normal, because some free variables of u and v may iterating the basic reduction relation defined below, whose disappear during the normalization, causing a new violation of 0 0 goal is to permute the smallest redex u ka v of maximal the Subformula Property that transforms u ka v into a redex, complexity until u and v are simply typed λ-terms, then even though u ka v was not. normalize them and finally apply the cross reductions. The first step of the normalization proof consists in showing Definition VI.2 (Side Reduction Strategy). Let t : A be a that any term can be reduced to a parallel form. term with free variables xA1 , . . . , xAn and A be the set of 1 n Proposition VI.1. Let t : A be any term. Then t 7→∗ t0, where A the proper subformulas of and the strong subformulas of t0 is a parallel form. the formulas A1,...,An. Let u ka v be the smallest subterm of t, if any, among those of maximal A-complexity and let Proof. Easy structural induction on t. See the Appendix. (c, d, l, o) be its A-complexity. We write We now prove that any term in parallel form can be 0 t t normalized with the help of the algorithm N . 0 whenever t has been obtained from t by applying to u ka v: Lemma VI.2. Let t : A be a term in parallel form which is not 1) a permutation reduction a simply typed λ-term and A a set of formulas containing all proper subformulas of A and closed under subformulas. Assume (u k u ) k v 7→ (u k v) k (u k v) 1 b 2 a 1 a b 2 a that r > 0 is the maximum among the A-communication- u ka (v1 kb v2) 7→ (u ka v1) kb (u ka v2) complexities of the subterms of t. Assume that the free variables A1 An x1 , . . . , xn of t are such that for every i, either each strong if d > 0 and u = u1 kb u2 or v = v1 kb v2; subformula of Ai is in A, or each proper prime subformula of 2) a sequence of intuitionistic reductions normalizing both Ai which has more than r symbols is in A. Suppose moreover u and v, if d = 0 and l > 0; that no subterm u ka v with A-communication-complexity r 3) a cross reduction if d = l = 0 and c > 0, immediately contains a subterm of the same A-communication-complexity. followed by intuitionistic reductions normalizing the Then there exists t0 such that t ∗ t0 and the maximum among newly generated simply typed λ-terms and, if possible, the A-communication-complexities of the subterms of t0 is by applications of the cross reductions u1 kb v1 7→ u1 strictly smaller than r. and u1 kb v1 7→ v1 to the whole term. 4) a cross reduction u ka v 7→ u and u ka v 7→ v if Proof. We prove the lemma by lexicographic induction on the d = l = c = 0. pair (ρ, k) Definition VI.3 (Master Reduction Strategy). We define a normalization algorithm N (t) taking as input a typed term t where k is the number of subterms of t with maximal A- 0 ∗ 0 and producing a term t such that t 7→ t . Assume that the complexity ρ among those with A-communication-complexity A1 An free variables of t are x1 , . . . , xn and let A be the set of r. the proper subformulas of A and the strong subformulas of the Let u ka v be the smallest subterm of t having A-complexity formulas A1,...,An. The algorithm performs the following ρ. Four cases can occur. operations. (a) ρ = (r, d, l, o), with d > 0. We first show that the term 1) If t is not in parallel form, then, using permutation u ka v is a redex. Assume that the free variables of u ka v 0 reductions, t is reduced to a t which is in parallel form are among xA1 , . . . , xAn , aB1→C1 , . . . , aBm→Cm and that the 0 1 n 1 m and N (t ) is recursively executed. communication kind of a is C,D. Suppose by contradiction that all the prime factors of C of Proposition V.1. We need to check that u ka v is a and D are proper subformulas of A or strong subformulas of redex, in particular that the communication complexity of one among A1,...,An,B1 → C1,...,Bm → Cm. Given that a is greater than 0. Assume that the free variables of u ka v A1 An B1→C1 Bm→Cm r > 0 there is a prime factor P of C or D such that P has r are among x1 , . . . , xn , a1 , . . . , am and that the symbols and does not belong to A. The possible cases are two: communication kind of a is C,D. As we argued above, 0 (i) P is a proper subformula of a prime proper subformula Ai we obtain that not all the prime factors of C and D are 0 of Ai such that Ai ∈/ A; (ii) P , by Proposition IV.1, is a proper proper subformulas of A or strong subformulas of one among subformula of a prime factor of Bi or Ci. Suppose (i). Since A1,...,An,B1 → C1,...,Bm → Cm. By Definition IV.6, 0 0 Ai ∈/ A, by hypothesis the number of symbols of Ai is less u ka v is a redex. 0 than or equal to r, so P cannot be a proper subfomula of Ai, We now prove that every occurrence of a in u and v is which is a contradiction. Suppose (ii). Then there is a prime of the form a ξ for some term or projection ξ. First of all, factor of Bi or Ci having a number of symbols greater than r. a occurs with arrow type both in u and v. Moreover, u : Bi→Ci Since by hypothesis ai is bound in t, we conclude that A and v : A, since t : A and t is a parallel form; hence, there is a subterm w1 kai w2 of t having A-complexity greater the types C → D and D → C cannot be subformulas of than ρ, which is absurd. A, otherwise r = 0, and cannot be proper subformulas of Now, since d > 0, we may assume u = w1 kb w2 (the case one among A1,...,An,B1 → C1,...,Bn → Cn, otherwise v = w1 kb w2 is symmetric). The term the prime factors of C,D would be strong subformulas of A ,...,A ,B → C ,...,B → C (w k w ) k v one among 1 n 1 1 m m. Thus by 1 b 2 a Prop. V.2 we are done. Two cases can occur. is then a redex of t and by replacing it with • a does not occur in u or v: to fix ideas, let us say it

(w1 ka v) kb (w2 ka v) (1) does not occur in u. By performing a cross reduction, 0 0 we replace in t the term u ka v with u and obtain a we obtain from t a term t such that t t according to term t0 such that t t0 according to Def. VI.2. After Def. VI.2. We must verify that we can apply to t0 the main 0 the replacement, the number of subterms having maximal induction hypothesis. Indeed, the reduction t t duplicates all A-complexity ρ in t0 is strictly smaller than the number the subterms of v, but all of their A-complexities are smaller of such subterms in t. By induction hypothesis, t0 ∗ t00, than r, because u ka v by choice is the smallest subterm of t where t00 satisfies the thesis. having maximal A-complexity ρ. The two terms w1 ka v and • a occurs in u and in v. Let u = C[a w1 σ] and v = w2 ka v have smaller A-complexity than ρ, because they have D[a w2 τ] where the displayed occurrences of a are the numbers of occurrences of the symbol k strictly smaller than 0 rightmost in u and v and σ, τ are the stacks of all terms or in u ka v. Moreover, the terms in t with (1) as a subterm projections a is applied to. By applying a cross reduction have, by hypothesis, A-communication-complexity smaller to C[a w1 σ] ka D[a w2 τ] we obtain the term (∗) than r and hence A-complexity smaller than ρ. Assuming that the communication kind of b is F,G, the prime factors bhzi/y bhyi/z (D[w1 τ] ka C[a w1]) kb (C[w2 σ] ka D[a w2]) of F and G that are not in A must have fewer symbols than the prime factors of C and D that are not in A, again By hypothesis, y is the sequence of the free variables of because u ka v by choice is the smallest subterm of t having w1 which are bound in C[a w1 σ] and z is the sequence of maximal A-complexity ρ; hence, the A-complexity of (1) the free variables of w2 which are bound in D[a w2 τ] and 0 is smaller than ρ. Therefore the number of subterms of t a does not occur neither in w1 nor in w2. Since u, v satisfy with A-complexity ρ is strictly smaller than k. By induction conditions 1. and 2. of Proposition V.1 the types Y1,...,Yi 0 ∗ 00 00 hypothesis, t t , where t satisfies the thesis. and Z1,...,Zj of respectively the variables y and z are proper subformulas of A or strong subformulas of the (b) ρ = (r, d, l, o), with d = 0 and l > 0. Since d = 0, formulas A1,...,An,B1 → C1,...,Bm → Cm. Hence, u and v are simply typed λ-terms – and thus strongly the types among Y1,...,Yi,Z1,...,Zj which are not in normalizable [15] – so we may assume u 7→∗ u0 ∈ NF and A are strictly smaller than all the prime factors of the ∗ 0 v 7→ v ∈ NF by a sequence of intuitionistic reduction rules. formulas B1,C1,...,Bm,Cm. Since the communication 0 0 By replacing in t the subterm u ka v with u ka v , we kind of b is Y1 ∧ ... ∧ Yi,Z1 ∧ ... ∧ Zj, by Definition obtain a term t0 such that t t0 according to Definition VI.2. VI.1 either the A-complexity of the term (∗) above is 0 0 0 Moreover, the terms in t with u ka v as a subterm have, strictly smaller than the A-complexity ρ of u ka v, or the by hypothesis, A-communication-complexity smaller than communication kind of b is >. In the latter case we apply r and hence A-complexity is smaller than ρ. By induction a cross reduction u1 kb v1 7→ u1 or u1 kb v1 7→ v1 and hypothesis, t0 ∗ t00, where t00 satisfies the thesis. obtain a term with A-complexity strictly smaller than ρ. 0 0 In the former case, let w1, w2 be simply typed λ-terms (c) ρ = (r, d, l, o), with d = l = 0. Since d = 0, u such that and v are simply typed λ-terms. Since l = 0, u and v bhzi/y ∗ 0 bhyi/z ∗ 0 are in normal form and thus satisfy conditions 1. and 2. w1 τ 7→ w1 ∈ NF and w2 σ 7→ w2 ∈ NF ∗ 0 0 By hypothesis, a does not occur in w1, w2, σ, τ and thus that of t, by induction hypothesis u 7→ u , where u is a 0 0 neither in w1 nor in w2. Moreover, by the assumptions normal parallel form. 0 ∗ 0 on σ and τ and since C[a w1 σ] and D[a w2 τ] are normal If A ⊂ A, again by induction hypothesis u 7→ u , where 0 0 0 simply typed λ-terms, C[w2] and D[w1] are normal too u is a normal parallel form. and contain respectively one fewer occurrence of a than The very same argument on A00 shows that v 7→∗ v0, where the former terms. Hence, the A-complexity of the terms v0 is a normal parallel form. Let now t0 = u0 k v0, so that t 7→∗ t0. If t0 is normal, we D[w0 ] k C[a w ] C[w0 ] k D[a w ] a 1 a 1 and 2 a 2 are done. If t0 is not normal, since u0 and v0 are normal, the only possible redex remaining in t0 is the whole term itself, is strictly smaller than the A-complexity ρ of u ka v. Let 0 0 0 now t0 be the term obtained from t by replacing the term i.e., u ka v : that happens only if the free variables of t are fewer than those of t; w.l.o.g., assume they are xA1 , . . . , xAi , C[a w1 σ] ka D[a w2 τ] with 1 i with i < n. Let B be the set of the proper subformulas of A 0 0 (D[w1] ka C[a w1]) kb (C[w2] ka D[a w2]) (2) and the strong subformulas of the formulas A1,...,Ai. Since t0 is a redex, the communication complexity of a is greater By construction t t0. Moreover, the terms in t0 with (2) than 0; by Definition IV.6, a prime factor of B or C is not as a subterm have, by hypothesis, A-communication- in B, so we have B ⊂ A. By induction hypothesis, t0 7→∗ t00, complexity smaller than r and hence A-complexity is where t00 is a parallel normal form. smaller than ρ. Hence, we can apply the main induction hypothesis to t0 and obtain by induction hypothesis, Second case: t is a redex. Let u k v be the smallest subterm t0 ∗ t00, where t00 satisfies the thesis. a of t having A-communication-complexity r. The free variables (d) ρ = (r, d, l, o), with d = l = o = 0. Since o = 0, u ka v of u ka v satisfy the hypotheses of Lemma VI.2 either because is a redex. To fix ideas, let us say a does not occur in u. By have type Ai and A contains all the strong subformulas of performing a cross reduction, we replace u ka v with u so Ai, or because the prime proper subformulas of their type that u ka v u according to Def. VI.2. Hence, by induction r r 0 ∗ 00 00 have at most symbols, by maximality of . By Lemma VI.2 hypothesis, t t , where t satisfies the thesis. ∗ u ka v w where the maximal among the A-communication- Proposition VI.3. Let t : A be any term in parallel form. Then complexity of the subterms of w is strictly smaller than r. Let 0 t 7→∗ t0, where t0 is a parallel normal form. t be the term obtained replacing w for u ka v in t. We can now apply the induction hypothesis and obtain t0 7→∗ t00 with A1 An 00 Proof. Assume that the free variables of t are x1 , . . . , xn t in parallel normal form. and let A be the set of the proper subformulas of A and the strong subformulas of the formulas A1,...,An. We prove the The normalization for λG, and thus for NG, easily follows. theorem by lexicographic induction on the quadruple Theorem VI.4. Suppose that t : A is a proof term of G. Then ∗ 0 0 (|A|, r, k, s) t 7→ t : A, where t is a normal parallel form. where |A| is the cardinality of A, r is the maximal A- VII.COMPUTINGWITH λG communication-complexity of the subterms of t, k is the We illustrate the expressive power of λG by a few examples. number of subterms of t having maximal A-communication- All the examples employ the normalization algorithm in complexity r and s is the size of t. If t is a simply typed Definition VI.3; to limit its non-determinism, when we have λ-term, it has a normal form [15] and we are done; so we to reduce u ka v because a does not occur neither in u nor in assume t is not. There are two main cases. v, we always use the reduction u ka v 7→ u. Henceforth we use the types N for natural numbers, Bool for the Boolean values and String for strings. First case: t is not a redex. Let t = u ka v and let B,C be the communication kind of a. Then, the communication complexity We start by showing that λG is more expressive than simply of a is 0 and by Def. IV.6 every prime factor of B or C belongs typed λ-calculus. 0 to A. Let A be the set of the proper subformulas of A and Example VII.1 (Parallel or). Berry’s sequentiality theorem the strong subformulas of the formulas A1,...,An,B → C; (see [15]) implies that there is no λ-term O : Bool → Bool → 00 let A be the set of the proper subformulas of A and the Bool such that OFF 7→ F, OuT 7→ T, OTu 7→ T, where u is strong subformulas of the formulas A1,...,An,C → B. By an arbitrary normal term, and thus possibly a variable. O can Prop. IV.1, every strong subformula of B → C or C → B instead be defined in Boudol’s parallel λ-calculus [7]. is a proper subformula of a prime factor of B or C, and this The λG term for such parallel or is (as usual the term 0 00 prime factor is in A. Hence, A ⊆ A and A ⊆ A. “if u then s else t” reduces to s if u = T, and to t if u = F): If A0 = A, then the maximal A0-communication-complexity of the terms of u is less than or equal to r and the number of O := λxBool λyBool (if x then (λz λk z) else (λz λk k))T(ax) terms having maximal A0-communication-complexity is less than or equal to k; since the size of u is strictly smaller than ka (if y then (λz λk z) else (λz λk k))T(ay) where the communication kind of a is Bool, Bool. Now Example VII.4 (Efficiency via cross reductions). Given three O u T 7→∗(if u then (λz λk z) else (λz λk k))T(au) processes M kd (P ka Q). Assume that Q wants to send a process to P , but one of the process’ parameters is not available k (if T then (λz λk z) else (λz λk k))T(aT) a because M first needs many time-consuming steps to produce 7→∗(if u then (λz λk z) else (λz λk k))T(au) k T 7→ T a it and only afterwards can send it to Q. Cross reductions make And symmetrically OT u 7→∗ T. On the other hand it possible to fully exploit parallelism and improve the program ∗ efficiency: Q does not need to wait that much and can send OFF 7→ (λz λk k)T(aF) ka (λz λk k)T(aF) ∗ the process directly to P , which can begin to partially evaluate 7→ (aF) k (aF) a it with no further delay. After having computed the data, M 7→∗ (F k (aF)) k (F k (aF)) 7→∗ F a b a sends it to Q which in turn forwards it to P . For a concrete example, assume that

Example VII.2 (Data passing). As in the previous example, if M 7→∗ d (λkN→N→N k 7 0) the messages sent during a cross reduction are closed terms, for P = d 0 (λjN λxN (ax)5s) example data, the outcome is a simple unidirectional message Q = d 0 (λyN λlN a(λzN λiσ hhg(z), yi)) passing. Indeed, the newly introduced communication is void and is always removed: where h : N ∧ N → N, g : N → N, the communication kind of d is (N → N → N) → N, N, and the communication kind of C[a u] k D[a v] 7→ a a is N, N → σ → N with σ arbitrary type of high complexity. N σ (D[u] ka C[a u]) kb (C[v] ka D[a v]) 7→ D[u] ka C[a u] Here Q wants to send λz λi hhg(z), yi to P , but the value 7 of the parameter y is computed and transmitted to Q by M If we want a process s to transmit a message m : B to a process t without t passing anything back, we can use the following only later. On the other hand, P waits for the process from Q term (a has communication kind (B → F ) → F,F → F ): in order to instantiate z with 5 and compute hhg(5), 7i. Without a special mechanism for sending open terms, P A→F F B (aλz zm)s ka (aλy y)(λx t) 7→ must wait for M to normalize. Afterwards M passes (λk k 7 0) through d to P and Q with the following computation: ((λz zm)(λx t) ka (aλz zm)s) ke ((λy y)s ka (aλy y)(λx t)) ∗ M k (P ka Q) 7→ (λk k 7 0)(λj λx (ax)5s) ka 7→∗ (λz zm)(λx t) k (λy y)s 7→∗ t[m/x] k s d e e (λk k 7 0)(λy λl a(λz λi hhg(z), yi)) 7→∗ ∗ ∗ This reduction resembles indeed the unidirectional commu- (a 0)5s ka a(λz λi hhg(z), 7i) 7→ (λz λi hhg(z), 7i)5s 7→ hhg(5), 7i ahmi.P | a(x).Q 7→ P | Q[m/x] π nication in the -calculus Our normalization algorithm allows instead Q to directly send [26], [33], assuming a does not occur in P and Q. λzN λiσ hhg(z), yi to P by executing first a cross reduction: In the following example, similar to that in [8], we simulates   M k d 0(λj λx (ax)5s) k d 0(λy λl a(λz λi hhg(z), yi)) the communication needed to conclude an online sale. d a   7→M k (d 0(λy λl by)|| P ) k d 0(λj λx (λz λi hhg(z), bxi)5s) k Q
Example VII.3 (Buyer and vendor). We model the following d a b a ∗   transaction: a buyer tells a vendor a product name prod : String, 7→ M kd d 0(λy λl by) kb d 0(λj λx (λz λi hhg(z), bxi)5s) the vendor computes the value price : N of prod and sends b N, N it to the buyer, the buyer sends back the credit card number where the communication (of kind ) redirects the data x and y. Then P instantiates z with 5 and can compute for card : String which is used to pay. example g(5) = 9 without having to evaluate hhg(5), 7i all at We introduce the following functions: cost : String → N once. When M terminates the computation, sends 7 to the new with input a product name prod and output its cost price; location of the partially evaluated processes P and Q via k : pay for : N → String with input a price and output a credit b   card number card; use : String → N that obtains money using 7→∗M k d 0(λy λl by) k d 0(λj λx hhg(5), bxi) as input a credit card number card : String. The buyer and the d b     vendor are the contexts B and V of type Bool. Notice that the 7→∗ M k d 0(λy λl by) k M k d 0(λj λx hh9, bxi) terms representing buyer and vendor exchange their position at d b d ∗ each cross reduction. For a of kind String, N, the program is: 7→ (λk k 7 0)(λy λl by) kb (λk k 7 0)(λj λx hh9, bxi) ∗ ∗ 7→ b7 kb hh9, b 0i 7→ hh9, 7i B[a(pay for(a(prod)))] ka V[use(a(cost(a 0)))] ∗ 7→ V[use(a(cost(prod)))] ka B[a(pay for(a(prod)))] Final Remark The Curry–Howard isomorphism for λG in- 7→ V[use(a(price))] ka B[a(pay for(a(prod)))] terprets Godel¨ logic in terms of communication between ∗ 7→ B[a(pay for(price))] ka V[use(a(price))] parallel processes. In addition to revealing this connection, ∗ 7→ B[a(card)] ka V[use(a(price))] 7→ V[use(card)] ka B[a(card)] our results pave the way towards a more general compu- tational interpretation of the intermediate logics formalized Finally 7→ V[use(card)]: the buyer has performed its duty and by hypersequent calculi. These logics are characterized by the vendor uses the card number to obtain the due payment. disjunctive axioms of a suitable form [9] – containing all the We show that although more complicated than sending data, disjunctive tautologies of [11] – and likely correspond to other sending open processes can enhance efficiency. communication mechanisms between parallel processes. REFERENCES APPENDIX

[1] F. Aschieri. On Natural Deduction for Herbrand Constructive Logics I: Propostition IV.1 (Characterization of Strong Subformulas). Curry–Howard Correspondence for Dummett’s Logic LC. Log. Methods Comput. Sci., vol. 12(3) n. 13, pp. 1–31, 2016. Suppose B is any strong subformula of A. Then: [2] F. Aschieri, M. Zorzi. On Natural Deduction in Classical First-Order • A = A ∧ ... ∧ A n > 0 A ,...,A Logic: Curry–Howard Correspondence, Strong Normalization and Her- If 1 n, with and 1 n brand’s Theorem. Theoret. Comput. Sci., 625: 125–146, 2016. are prime, then B is a proper subformula of one among [3] A. Avron. Hypersequents, logical consequence and intermediate logics A1,...,An. for concurrency. Ann. Math. Artif. Intell., 4: 225–248, 1991. • If A = C → D, then B is a proper subformula of a prime [4] A. Avron. The method of hypersequents in the proof theory of propositional non-classical logic. In Logic: From Foundations to factor of C or D. Applications. Oxford University Press, pp. 1–32, 1996. [5] M. Baaz, A. Ciabattoni, C. Fermuller.¨ A Natural Deduction System for Intuitionistic Fuzzy Logic. In Lectures on Soft Computing and Fuzzy Proof. Logic, pp. 1–18, Physica-Verlag, 2000. • Suppose A = A ∧ ... ∧ A , with n > 0 and A ,...,A [6] A. Beckmann and N. Preining. Hyper natural deduction. In LICS 2015, 1 n 1 n pp. 547–558, 2015. are prime. Any prime proper subformula of A is a [7] G. Boudol. Towards a lambda-calculus for concurrent and communicating subformula of one among A1,...,An, so B must be systems. TAPSOFT ’98, pp. 149-161, vol. 1, 1989. a proper subformula of one among A1,...,An. [8] L. Caires and F. Pfenning. Session types as intuitionistic linear proposi- tions. In CONCUR 2010 pages 222-236. LNCS 6269, 2010. • Suppose A = C → D. Any prime proper subfor- [9] A. Ciabattoni, N. Galatos and K. Terui. From axioms to analytic rules mula X of A is first of all a subformula of C or in nonclassical logics. In LICS 2008, pp. 229–240, 2008. D. Assume now C = C1 ∧ ... ∧ Cn and D = [10] A. Ciabattoni and F. A. Genco. Embedding formalisms: hypersequents and two-level systems of rules. In AIML 2016, pp. 197–216, 2016. D1 ∧ ... ∧ Dm, with C1,...,Cn,D1,...,Dm prime. [11] V. Danos, J.-L. Krivine. Disjunctive Tautologies as Synchronisation Since X is prime, it must be a subformula of one Schemes. In CSL 2000, 1862: 292–301, 2000. among C1,...,Cn,D1,...,Dm and since B is a proper [12] M. Dummett. A propositional calculus with denumerable matrix. J. Symbolic Logic, 24: 97–106, 1959. subformula of X , it must be a proper subformula of one [13] D. Flanagan. JavaScript: the Definitive Guide, O’Reilly Media, 2011. among C1,...,Cn,D1,...,Dm, QED. [14] A. Fuggetta, G.P. Picco and G. Vigna. Understanding Code Mobility. IEEE Transactions on Software Engineering, 24: 342–361, 1998. [15] J.-Y. Girard and Y. Lafont and P. Taylor, Proofs and Types. Cambridge University Press, 1989. Theorem IV.2 (Subject Reduction). If t : A and t 7→ u, then [16] K. Godel:¨ Zum intuitionistischen Aussagenkalkul.¨ Anzeiger der Kaiserlichen Akademie der Wissenschaften, Mathematisch- u : A and all the free variables of u appear among those of t. Naturwissenschaftliche Classe. Wien. 69: 65–66, 1932. [17] T. Griffin. A Formulae-as-Type Notion of Control. In POPL 1990, 1990. Proof. (λx u)t 7→ u[t/x] [18] P. de Groote, A Simple Calculus of Exception Handling, Proceedings of 1) . TLCA 1995, LNCS, vol. 902 pp. 201–215, 1995. A term (λx u)t corresponds to a derivation of the form [19] Y. Hirai. A lambda calculus for Godel–Dummett¨ logic capturing 1 waitfreedom. In FLOPS 2012, pp. 151–165, 2012. Γ0, [x : A] [20] W. A. Howard. The formulae-as-types notion of construction. In To H. B. . Curry: Essays on Combinatory Logic, Lambda Calculus, and Formalism . , . Γ1 Academic Press, pp. 479–491. 1980. u : B 1 P [21] J.-L. Krivine. Classical Realizability. Interactive models of computation λx u : A → B t : A and program behavior, Panoramas et syntheses` , pp. 197–229, 2009. [22] J.-L. Krivine. Lambda-calcul types et modeles.` Studies in Logic and (λx u)t : B Foundations of Mathematics. Masson, pp. 1–176. 1990. [23] P. J. Landin. The Mechanical Evaluation of Expressions. The Computer where Γ0 and Γ1 are the open hypotheses. Hence, the Journal, 6(4), pp. 308–320, 1964. term u[t/x] corresponds to [24] E.G.K. Lopez-Escobar. Implicational logics in natural deduction systems. J. Symbolic Logic, 47(1): 184–186, 1982. [25] G. Metcalfe and N. Olivetti and D. Gabbay. Proof Theory for Fuzzy Γ1 Logics. Springer Series in Applied Logic vol. 36, 2008. P [26] R. Milner. Functions as Processes. Mathematical Structures in Computer Γ0 .t : A Science, vol. 2, n. 2, pp. 119–141,1992. . [27] D. Mostrous, N. Yoshida. Session typing and asynchronous subtyping for . the higher-order π-calculus. Inf. Comput., vol. 241, pp. 227–263, 2015. u : B [28] T. Murphy, K. Crary, R. Harper, F. Pfenning. A Symmetric Modal Lambda Calculus for Distributed Computing. In LICS 2004, pp. 286–295, 2004. where all occurrences of [x : A]1 are replaced by the [29] S. Negri. Proof analysis beyond geometric theories: from rule systems derivation P of t : A. It is easy to prove, by induction to systems of rules. J. Logic Comput., vol. 27, pp. 513-537, 2016. [30] M. Parigot. Proofs of Strong Normalization for Second-Order Classical on the length of the derivation from Γ0, x : A to B, that Natural Deduction. J. Symbolic Logic, 62(4): 1461–1479, 1997. this is a derivation of B. The two derivations have the [31] J. A. Perez.´ Higher-Order Concurrency: Expressiveness and Decidability same open hypotheses Γ and Γ , and hence the two Results, PhD thesis, University of Bologna, 2010. 0 1 [32] D. Prawitz. Ideas and Results in Proof Theory. In Proceedings of the terms (λx u)t and u[t/x] have the same free variables. Second Scandinavian Logic Symposium, 1971. Indeed, it is easy to show that if a term corresponds to a [33] D. Sangiorgi and D. Walker. The pi-calculus: a Theory of Mobile derivation, each free variable of such term corresponds Processes. 2003. [34] P. Wadler. Propositions as Types. Communications of the ACM, 58(12): to an open hypothesis of the derivation. 75–84, 2015. 2) hu0, u1iπi 7→ ui, for i = 0, 1. A term hu0, u1iπi corresponds to a derivation of the In which the formulas corresponding to the terms a form are discharged above the appropriate premise of the Γ0 Γ1 . . (com) rule application. All open hypotheses of the second . . derivation also occur in the first derivation, and thus the u0 : A0 u1 : A1 free variables of wu ka wv are also free variables of hu0, u1i : A0 ∧ A1 w(u ka v). hu0, u1iπi : Ai 5) efqP (w1 ka w2) 7→ efqP (w1) ka efqP (w2), where P is atomic. where Γ and Γ are the open hypotheses. Hence, the 0 1 A term efq (w k w ) corresponds to a derivation of term u corresponds to P 1 a 2 i the form Γi . Γ , [a : A → B]1 Γ , [a : B → A]1 . 1 . 2 . . . ui : Ai . . w1 : ⊥ w2 : ⊥ Clearly, all open hypotheses of the derivation of ui : Ai w1 ka w2 : ⊥ also occur in the derivation of hu0, u1iπi : Ai, hence the free variables of ui are a subset of those of hu0, u1iπi. efqP (w1 ka w2): P 3) (u k v)w 7→ uw k vw, if a does not occur free in w. a a where Γ1 and Γ2 are the open hypotheses. Hence, the A term (u ka v)w corresponds to a derivation of the term efqP (w1) ka efqP (w2) corresponds to form 1 1 Γ , [a : A → B]1 Γ , [a : B → A]1 Γ1, [a : A → B] Γ2, [a : B → A] 0 . 1 ...... Γ.2 . . . ⊥ ⊥ u : C → D v : C → D 1 . efq (w1): P efq (w1): P u ka v : C → D w : C P P 1 efq (w ) k efq (w ): P (u ka v)w : D P 1 a P 2

where Γ0, Γ1 and Γ2 are the open hypotheses. Hence, In which the formulas corresponding to the terms a the term uw ka vw corresponds to are discharged above the appropriate premise of the 1 1 (com) rule application. All open hypotheses of the second Γ0, [a : A → B] Γ Γ1, [a : B → A] Γ . .2 . .2 derivation also occur in the first derivation, and thus ...... efqP (w1) ka efqP (w2) has the same free variables as u : C → D w : C v : C → D w : C efq (w k w ). uw : D vw : D P 1 a 2 1 6) (u ka v)πi 7→ uπi ka vπi, for i = 0, 1. uw ka vw : D A term (u ka v)πi corresponds to a derivation of the Notice that the formulas corresponding to the terms a form are discharged above the appropriate premise of the 1 1 Γ1, [a : A → B] Γ2, [a : B → A] (com) rule application. All open hypotheses of the second . . . . derivation also occur in the first derivation, hence the . . u : C0 ∧ C1 v : C0 ∧ C1 free variables of (u ka v)w are also free variables of 1 u ka v : C0 ∧ C1 uw ka vw. 4) w(u ka v) 7→ wu ka wv, if a does not occur free in w. (u ka v)πi : Ai A term w(u k v) corresponds to a derivation of the a where Γ and Γ are the open hypotheses. Hence, the form 1 2 term uπ k vπ corresponds to Γ , [a : A → B]1 Γ , [a : B → A]1 i a i 1 . 2 . Γ . . Γ , [a : A → B]1 Γ , [a : B → A]1 .0 . . 1 . 2 . . . . . u : C v : C 1 . . w : C → D u ka v : C u : C0 ∧ C1 v : C0 ∧ C1 w(u ka v): D uπi : Ci vπi : Ci uπi ka vπi : Ci where Γ0, Γ1 and Γ2 are the open hypotheses. Hence, the term wu ka wv corresponds to In which the formulas corresponding to the terms a Γ1, Γ2, are discharged above the appropriate premise of the 1 1 Γ0 [a : A → B] Γ0 [a : B → A] (com) rule application. All open hypotheses of the second ...... derivation also occur in the first derivation, and thus the w : C → D u : C w : C → D v : C free variables of (u ka v)πi and of uπi ka vπi are the wu : D wv : D 1 same. wu ka wv : D 7) λx (u ka v) 7→ λx u ka λx v. 1 1 Γ0, [a : A → B] , Γ1, [a : B → A] , A term λx (u ka v) corresponds to a derivation [b : C → D]2 [b : C → D]2 2 1 2 1 . . Γ1, [x : C] , [a : A → B] Γ2, [x : C] , [a : B → A] P ≡ . . . . 1 ...... u : E v : E 1 u : D v : D 1 u ka v : E u ka v : D 2 Γ , [b : D → C]2 λx (u ka v): C → D 2 . P ≡ . 2 . where Γ1 and Γ2 are the open hypotheses. Hence, the w : E term λx u ka λx v corresponds to where Γ0, Γ1 and Γ2 are the open hypotheses. Hence, Γ , [x : C]1, [a : A → B]3 Γ , [x : C]2, [a : B → A]3 1 . 2 . the term (u kb w) ka (v kb w) corresponds to . . . . P P 1 2 3 u : D 1 v : D 2 (u kb w) ka (v kb w): E λx u : C → D λx v : C → D 3 λx u ka λx v : C → D where P1 ≡ In which the formulas corresponding to the terms a are Γ , [a : A → B]3, [b : C → D]1 Γ , [b : D → C]1 0 . 2 . discharged above the appropriate premise of the (com) . . . . rule application. All open hypotheses of the second u : E w : E derivation also occur in the first derivation, and thus 1 u kb w : E λx (u ka v) and λx u ka λx v have the same free variables. and P2 ≡ 8) hu k v, wi 7→ hu, wi k hv, wi, if a does not occur free a a Γ , [a : B → A]3, [b : C → D]2 Γ , [b : D → C]2 in w. 1 . 2 . . . A term hu ka v, wi corresponds to a derivation . . v : E w : E 1 1 2 Γ0, [a : A → B] Γ1, [a : B → A] v kb w : E . . . . Γ.2 . In which the formulas corresponding to the terms a and b u : C v : C 1 . are discharged above the appropriate premise of the (com) u ka v : C w : D rule applications. All open hypotheses of the second hu k v, wi : C ∧ D a derivation also occur in the first derivation, and thus the (u k v) k w (u k w) k (v k w) where Γ0, Γ1 and Γ2 are the open hypotheses. Hence, free variables of a b and b a b the term hu, wi ka hv, wi corresponds to are the same. 11) w kb (u ka v) 7→ (w kb u) ka (w kb v), if the 1 1 Γ0, [a : A → B] Γ2 Γ1, [a : B → A] Γ2 communication complexity of b is greater than 0...... A term w kb (u ka v) corresponds to a derivation u : C w : D v : C w : D P P hu, wi : C ∧ D hv, wi : C ∧ D 1 2 1 w : E u ka v : E 2 where hu, wi ka hv, wi : C ∧ D w kb (u ka v): E In which the formulas corresponding to the terms a are Γ , [b : D → C]2 discharged above the appropriate premise of the (com) 2 . P1 ≡ . rule applications. All open hypotheses of the second . derivation also occur in the first derivation, and thus the w : E free variables of the terms hu k v, wi and hu, wi k 1 1 a a Γ0, [a : A → B] , Γ1, [a : B → A] , hv, wi are the same. [b : C → D]2 [b : C → D]2 . . 9) hw, u ka vi 7→ hw, ui ka . . P2 ≡ . . hw, vi, if a does not occur free in w. . . u : E v : E The case is symmetric to the previous one. 1 u ka v : E 10) (u ka v) kb w 7→ (u kb w) ka (v kb w), if the communication complexity of b is greater than 0. Here we represent by Γ0, Γ1 and Γ2 the open hypotheses A term (u ka v) kb w corresponds to a derivation of the derivation. Hence, the term (w kb u) ka (w kb v) corresponds to D1 P2 u ka v : E w : E where P1 P2 2 3 where (u ka v) kb w : E (w kb u) ka (w kb v): E V Θ and E as the derivation P in which all hypotheses 1 3 1 P Γ2, [b : D → C] Γ0, [a : A → B] , [b : C → D] contained in Θ are derived as follows . . . . V Θ P1 ≡ . . w : E u : E 1 θ2 ∧ .... ∧ θk w kb u : E . . V 2 3 2 Θ θk−1 ∧ θk Γ2, [b : D → C] Γ1, [a : B → A] , [b : C → D] . . θ ··· θ . . 1 k P2 ≡ . . w : E v : E 2 A term C[a u] ka D[a v] corresponds to a derivation of w kb v : E the form In which the formulas corresponding to the terms a y :Γ z : ∆ and b are discharged above the appropriate premise of P1 P2 1 1 the (com) rule application. The open hypotheses of the [a : A → B] u : A [a : B → A] v : B second derivation also occur in the first derivation, and au : B av : A P P thus the free variables of the terms w k (u k v) and 3 4 b a C[a u]: E D[a v]: E (w kb u) ka (w kb v) are the same. 1 C[a u] ka D[a v]: E 12) u ka v 7→ u, if a does not occur in u. A term u ka v corresponds to a derivation where Γ and ∆ are the open hypotheses of P1 discharged Γ , [a : B → A]1 in P3, respectively, the open hypotheses of P2 discharged Γ.1 2 . . . in P4; thus Γ corresponds to the sequence y that contains . . the free variables of u which are bound in C[au], while ∆ u : C v : C 1 corresponds to the sequence z of all the free variables of u k v : C a v which are bound in D[av]. No hypotheses a : A → B a : B → A P P where Γ1 and Γ2 are all open hypotheses and no and are discharged neither in 1 nor in 2 hypothesis a : A → B is discharged above u : C by the by the considered (com) application because a does not considered (com) application because a does not occur occur neither in u nor in v. bhzi/y bhyi/z in u. The term u corresponds to the branch rooted at The term (D[u ] ka C[a u]) kb (C[v ] ka u : C, the open hypotheses of which are clearly a subset D[a v]) then corresponds to the derivation of the open hypotheses of the whole derivation. Indeed P1 P2 the (com) application in the derivation corresponding to bhzi/y bhyi/z D[u ] ka C[a u]: E C[v ] ka D[a v]: E 3 u ka v is redundant because C can be derived from the bhzi/y bhyi/z (D[u ] ka C[a u]) kb (C[v ] ka D[a v]) : E hypotheses Γ1 alone. Thus, the free variables of u are a subset of the free variables of u ka v. where P1 ≡ 13) u ka v 7→ v, if a does not occur in v. z : ∆ This case is symmetric to the previous one. I bhzi/y V V 3 V 14) C[a u] ka D[a v] 7→ (D[u ] ka C[a u]) kb [b : ∆ → Γ] hzi : ∆ bhyi/z V (C[v ] ka D[a v]) where C, D are simple contexts; bhzi : Γ y :Γ the displayed occurrences of a are the rightmost both E P1 Pbhzi,y 1 in C[a u] and in D[a v] and b is fresh; y the sequence 1 [a : A → B] u : A bhzi/y of the free variables of u which are bound in C[au]; z u : A au : B P4 P the sequence of the free variables of v which are bound 3 D[ubhzi/y]: E C[a u]: E in D[av]; the communication complexity of a is greater 1 bhzi/y than 0. C[a u] ka D[u ]: E We introduce some notation in order to compactly and P ≡ represent the handling of conjunctions of hypotheses 2 corresponding to y and z. y :Γ I Notation. For any finite set of formulas Θ = {θ1, . . . , θk} [b : V Γ → V ∆]3 hyi : V Γ we define bhyi : V ∆ z : ∆ θ2 θ1 bhyi,z E P2 P [a : B → A]2 v : B θ θ ∧ θ 2 3 2 1 vbhyi/z : B Θ ... θ ∧ θ ∧ θ av : A I as 3 2 1 P3 P V Θ . 4 . C[vbhyi/z]: E D[a v]: E . 2 bhyi/z V Θ C[v ] ka D[a v]: E The resulting derivation is well defined and only needs Then one of the following holds: the open hypotheses of the derivation corresponding to 1) Every occurrence of zB in t is of the form zB ξ for some the term C[a u] ka D[a v]. First, the derivations corre- proof term or projection ξ. sponding to C[a u] and D[a v] are the same as before the 2) B = ⊥ or B is a subformula of A or a proper subformula reduction. Consider then the derivations corresponding of one among the formulas A1,...,An. to D[ubhzi/y] and C[vbhyi/z]. The hypothesis needed in V V Proof. By induction on t. P1 and P2 can be derived by (e∧) from Γ and ∆, Ai V V • t = xi , with 1 ≤ i ≤ n. Trivial. respectively. The formulas Γ and ∆ can in turn be B V V V V • t = z . This means that B = A, and we are done. derived using b : ∆ → Γ and b : Γ → ∆ along T • t = λx u, with A = T → U. By induction hypothesis with the formulas V ∆ and V Γ, in the respective order. applied to u : U, we have two possibilities: i) every Thus it is possible to discharge the elements of Γ and ∆ occurrence of zB in u is of the form zB ξ, and we are in the derivations P and P , respectively, exactly as in 3 4 done; ii) B = ⊥ or B is a subformula of U, and hence the redex derivation corresponding to C[a u] k D[a v]. a of A, or a proper subformula of one among the formulas A1,...,An, and we are done again. Proposition V.1 (Bound Hypothesis Property). Suppose • t = hu1, u2i, with A = T1 ∧ T2. By induction hypothesis applied to u : T and u : T , we have two possibilities: A 1 1 2 2 x 1 , . . . , xAn ` t : A B 1 n i) every occurrence of z in u1 and u2 is of the form zB ξ, and we are done; ii) B = ⊥ or B is a subformula t ∈ NF is a simply typed λ-term and z : B a variable occurring of T or T , and hence of A, or a proper subformula of bound in t. Then one of the following holds: 1 2 one among the formulas A1,...,An, and we are done 1) B is a proper subformula of a prime factor of A. again. 2) B is a strong subformula of one among A1,...,An. • t = efqP (u), with A = P . By induction hypothesis Proof. By induction on t. applied to u : ⊥, we have two possibilities: i) every B B A occurrence of z in u is of the form z ξ, and we are • t = x i , with 1 ≤ i ≤ n. Since by hypothesis z must i done; ii) B = ⊥ or a proper subformula of one among occur bound in t, this case is impossible. T T A1,...,An, and we are done again. • t = λx u, with A = T → U. If z = x , since A is a A • t = x i ξ . . . ξ , where m > 0 and each ξ is either a prime factor of itself, we are done. If z 6= xT , then z i 1 m j term or a projection π . Suppose there is an i such that occurs bound in u and by induction hypothesis applied k in the term ξ : T not every occurrence of zB in u is to u : U, we have two possibilities: i) B is a proper j j of the form zB ξ. If B = ⊥, we are done. If not, then subformula of a prime factor of U and thus a proper by induction hypothesis B is a subformula of T or a subformula of a prime factor – A itself – of A; ii) B j proper subformula of one among A ,...,A . Since T already satisfies 2., and we are done, or B is a strong 1 n j is a proper subformula of A , in both cases B is a proper subformula of T , and thus it satisfies 1. i subformula of one among A1,...,An. • t = hu1, u2i, with A = T1 ∧ T2. Then z occurs bound in B • t = z ξ . . . ξ , where m > 0 and each ξ is either a u or v and, by induction hypothesis applied to u : T 1 m i 1 1 term or a projection π . Suppose there is an i such that and u : T , we have two possibilities: i) B is a proper j 2 2 in the term ξ : T not every occurrence of zB in u is of subformula of a prime factor of T or T , and thus B is i i 1 2 the form zB ξ. If B = ⊥, we are done. If not, then by a proper subformula of a prime factor of A as well; ii) induction hypothesis B is a subformula of T or a proper B satisfies 2. and we are done. i subformula of one among A1,...,An. But the former • t = efq (u), with A = P . Then z occurs bound in P case is not possible, since T is a proper subformula of u. Since ⊥ has no proper subformula, by induction i B, hence the latter holds. hypothesis applied to u : ⊥, we have that B satisfies 2. and we are done. Ai • t = xi ξ1 . . . ξm, where m > 0 and each ξj is either a Proposition V.3 (Parallel Normal Form Property). term or a projection πk. Since z occurs bound in t, it Suppose t ∈ NF, then it is parallel form. B B occurs bound in some term ξj : T , where T is a proper 1) Every occurrence of z in t is of the form z ξ for some subformula of Ai. By induction hypothesis applied to ξj, proof term or projection ξ. we have two possibilities: i) B is a proper subformula of 2) B = ⊥ or B is a subformula of A or a proper subformula a prime factor of T and, by Definition IV.4, B is a strong of one among the formulas A1,...,An. subformula of A . ii) B satisfies 2. and we are done. i Proof. By induction on t. • t is a variable x. Trivial. Proposition V.2. Suppose that t ∈ NF is a simply typed λ-term • t = λx u. Since t is normal, u cannot be of the form and v ka w, otherwise one could apply the permutation A1 An B x1 , . . . , xn , z ` t : A t = λx (v ka w) 7→ λx v ka λx w and t would not be in normal form. Hence, by induction communication variable. Moreover, by induction hypoth- hypothesis u must be a simply typed λ-term, QED. esis applied to u : U, the type of any subterm of u which is not a bound communication variable is either • t = hu1, u2i. Since t is normal, neither u1 nor u2 can be a subformula or a conjunction of subformulas of the of the form v ka w, otherwise one could apply one of the formulas T,A1,...,An,U and therefore of the formulas permutations A1,...,An,A. • t = hu1, u2i, with A = T1 ∧ T2. By Proposition V.3, t hv ka w, u2i 7→ hv, u2i ka hw, u2i is a simply typed λ-term, so t contains no bound com- munication variable. Moreover, by induction hypothesis hu1, v ka wi 7→ hu1, vi ka hu1, wi applied to u1 : T1 and u2 : T2, the type of any subterm and t would not be in normal form. Hence, by induction of u which is not a bound communication variable is hypothesis u1 and u2 must be simply typed λ-terms, QED. either a subformula or a conjunction of subformulas of • t = u v. Since t is normal, neither u nor v can be of the the formulas A1,...,An,T1,T2 and hence of the formulas form w1 ka w2, otherwise one could apply one of the A1,...,An,A. permutations • t = u1 kb u2. Let C,D be the communication kind of b, we first show that the communication complexity of (w k w ) v 7→ w v k w v 1 a 2 1 a 2 b is 0. We reason by contradiction and assume that it is u (w1 ka w2) 7→ u w1 ka u w2 greater than 0. Since t ∈ NF by hypothesis, it follows from Prop. V.3 that u1 and u2 are either simply typed λ-terms and t would not be in normal form. Hence, by induction or of the form v kc w. The second case is not possible, hypothesis u1 and u2 must be simply typed λ-terms, QED. otherwise a permutation reduction could be applied to • t = efq (u). Since t is normal, u cannot be of the form P t ∈ NF. Thus u1 and u2 are simply typed λ-terms. Since w1 ka w2, otherwise one could apply the permutation the communication complexity of b is greater than 0, efq (w k w ) 7→ efq (w ) k efq (w ) the types C → D and D → C are not subformulas of P 1 a 2 P 1 a P 2 C→D A1,...,An,A. By Prop. V.2, every occurrence of b C→D and t would not be in normal form. Hence, by induction in u1 is of the form b v and every occurrence of D→C D→C hypothesis u1 and u2 must be simply typed λ-terms, QED. b in u2 is of the form b w. Hence, we can write • t = u πi. Since t is normal, u cannot be of the form C→D D→C u1 = C[b v] u2 = D[b w] v ka w, otherwise one could apply the permutation where C, D are simple contexts and b is rightmost. Hence (v k w)π 7→ vπ k wπ a i i a i a cross reduction of t can be performed, which contradicts and t would not be in normal form. Hence, by induction the fact that t ∈ NF. Since we have established that the hypothesis u must be a simply typed λ-term, which is the communication complexity of b is 0, the prime factors of thesis. C and D must be proper subformulas of A1,...,An,A. • t = u ka v. By induction hypothesis the thesis holds for Now, by induction hypothesis applied to u1 : A and u2 : A, u and v and hence trivially for t. for each communication variable aF →G occurring bound in t, the prime factors of F and G are proper subformulas of the formulas A1,...,An, A, C → D,D → C and thus Theorem V.4 (Subformula Property). Suppose of the formulas A1,...,An,A; moreover, the type of any subterm of u or u which is not a communication variable xA1 , . . . , xAn ` t : A 1 2 1 n is either a subformula or a conjunction of subformulas of and t ∈ NF. Then: the formulas A1,...,An,C → D,D → C and thus of 1) For each communication variable a occurring bound in the formulas A1,...,An,A. Ai t and with communication kind B,C, the prime factors • t = xi ξ1 . . . ξm, where m > 0 and each ξj : Tj is of B and C are proper subformulas of the formulas either a term or a projection πk and Tj is a subformula of A . By Proposition V.3, t is a simply typed λ-term, so t A1,...,An,A. i 2) The type of any subterm of t which is not a bound contains no bound communication variable. By induction communication variable is either a subformula or a con- hypothesis applied to each ξj : Tj, the type of any subterm of t which is not a bound communication variable is junction of subformulas of the formulas A1,...,An,A. either a subformula or a conjunction of subformulas of the Proof. By Proposition V.3 t = t1 ka1 t2 ka2 ... kan tn+1 and formulas A1,...,An,T1,...,Tm and thus of the formulas each term ti, for 1 ≤ i ≤ n + 1, is a simply typed λ-term. By A1,...,An,A. induction on t. Ai • t = efqP (u), with A = P . Then u = xi ξ1 . . . ξm, where Ai • t = xi , with 1 ≤ i ≤ n. Trivial. m > 0 and each ξj is either a term or a projection πk. T • t = λx u, with A = T → U. By Proposition V.3, Hence, ⊥ is a subformula of Ai. Finally, by the proof of t is a simply typed λ-term, so t contains no bound the previous case, we obtain the thesis for t. Proposition VI.1. Let t : A be any term. Then t 7→∗ t0, where t0 is a parallel form. Proof. By induction on t. • t is a variable x. Trivial. • t = λx u. By induction hypothesis, ∗ u 7→ u1 ka1 u2 ka2 ... kan un+1

and each term ui, for 1 ≤ i ≤ n + 1, is a simply typed λ-term. Applying n times the permutations we obtain ∗ t 7→ λx u1 ka1 λx u2 ka2 ... kan λx un+1 which is the thesis. • t = u v. By induction hypothesis, ∗ u 7→ u1 ka1 u2 ka2 ... kan un+1 ∗ v 7→ v1 kb1 v2 kb2 ... kbm vm+1

and each term ui and vi, for 1 ≤ i ≤ n + 1, m + 1, is a simply typed λ-term. Applying n + m times the permutations we obtain ∗ t 7→ (u1 ka1 u2 ka2 ... kan un+1) v ∗ 7→ u1 v ka1 u2 v ka2 ... kan un+1 v ∗ 7→ u1 v1 kb1 u1 v2 kb2 ... kbm u1 vm+1 ka1 ...

... kan un+1 v1 kb1 un+1 v2 kb2 ... kbm un+1 vm+1 • t = hu, vi. By induction hypothesis, ∗ u 7→ u1 ka1 u2 ka2 ... kan un+1 ∗ v 7→ v1 kb1 v2 kb2 ... kbm vm+1

and each term ui and vi, for 1 ≤ i ≤ n + 1, m + 1, is a simply typed λ-term. Applying n + m times the permutations we obtain ∗ t 7→ hu1 ka1 u2 ka2 ... kan un+1, vi ∗ 7→ hu1, vi ka1 hu2, vi ka2 ... kan hun+1, vi ∗ 7→ hu1, v1i kb1 hu1, v2i kb2 ... kbm hu1, vm+1i ka1 ...

... kan hun+1, v1i kb1 hun+1, v2i kb2 ...

... kbm hun+1, vm+1i

• t = u πi. By induction hypothesis, ∗ u 7→ u1 ka1 u2 ka2 ... kan un+1

and each term ui, for 1 ≤ i ≤ n + 1, is a simply typed λ-term. Applying n times the permutations we obtain ∗ t 7→ u1 πi ka1 u2 πi ka2 ... kan un+1 πi.

• t = efqP (u). By induction hypothesis, ∗ u 7→ u1 ka1 u2 ka2 ... kan un+1

and each term ui, for 1 ≤ i ≤ n + 1, is a simply typed λ-term. Applying n times the permutations we obtain ∗ t 7→ efqP (u1) ka1 efqP (u2) ka2 ... kan efqP (un+1) QED