Comparing Type Systems for Deadlock Freedom

Message-passing software systems exhibit non-trivial forms of concurrency and distribution; they are expected to follow intended protocols among communicating services, but also to never"get stuck". This intuitive requirement has been expressed by liveness properties such as progress or (dead)lock freedom and various type systems ensure these properties for concurrent processes. Unfortunately, very little is known about the precise relationship between these type systems and the classes of typed processes they induce. This paper puts forward the first comparative study of different type systems for message-passing processes that guarantee deadlock freedom. We compare two classes of deadlock-free typed processes, here denoted L and K. The class L stands out for its canonicity: it results from Curry-Howard interpretations of linear logic propositions as session types. The class K, obtained by encoding session types into Kobayashi's linear types with usages, includes processes not typable in other type systems. We show that L is strictly included in K, and identify the precise conditions under which they coincide. We also provide two type-preserving translations of processes in K into processes in L.


Introduction
In this paper, we formally relate different type systems for concurrent processes specified in the π-calculus [MPW92]. A fundamental model of computation, the π-calculus stands out for its expressiveness, which enables us to represent and reason about message-passing programs in functional, object-oriented, and distributed paradigms [SW01]. Another distinctive aspect of the π-calculus is its support for rich type systems that discipline process behavior [San02]. Following Milner's seminal work on sorting [Mil91], various type systems for the π-calculus have revealed a rich landscape of models for concurrency with disciplined communication; examples include graph types [Yos96], linear types [KPT96], generic types [IK04], and session types [HVK98]. Recently, logical foundations for message-passing concurrency, in the style of the Curry-Howard correspondence ("propositions as types"), have been put forward [CP10,Wad12]. By disciplining the use of channels, types for message-passing Let us clarify the nature of processes in L and K. As Definition 4.2 formally states, processes in L and K are typed under some typing context, possibly non empty. As such, these classes contain both open processes (if the typing context is not empty) and closed processes (if the typing context is empty). Thus, strictly speaking, processes in L and K have session progress (as described above), which is strictly weaker than deadlock freedom (or a potential form of it), for a process with session progress does not necessarily satisfy deadlock freedom. However, since we shall focus on closed processes, for which session progress and deadlock freedom coincide, we shall refer to L and K as classes of deadlock-free processes.
There are good reasons for considering L and K. On the one hand, due to its deep logical foundations, L appears to us as the canonic class of deadlock-free session processes, upon which all other classes should be compared. Indeed, this class arguably offers the most principled yardstick for comparisons. On the other hand, K integrates session type checking with the sophisticated usage discipline developed by Kobayashi for π-calculus processes. This indirect approach to deadlock freedom, developed in [CDM14,Dar16], is fairly general, as it can capture sessions with subtyping, polymorphism, and higher-order communication. Also, as informally shown in [CDM14], K strictly includes classes of session typed processes induced by other type systems for deadlock freedom [DdY08,CD10,Pad13]. Finally, there exist static analyzers for processes based on K, implemented in the tool TyPiCal [TYP].
One key observation in our work is a property on the structure of typed parallel processes, the degree of sharing, which is key in distinguishing two salient classes of deadlock-free session processes, and in shedding light on their formal underpinnings. Indeed, using the degree of sharing, we establish that K corresponds to a family of classes of deadlock-free processes, denoted K 0 , K 1 , · · · , K n . Intuitively, K 0 is the subclass of K with independent parallel composition: for all processes P | Q ∈ K 0 , subprocesses P and Q do not share any sessions. Then, K 1 is the subclass of K which contains K 0 but admits also processes with parallel components that share at most one session. This way, K n contains deadlock-free session processes whose parallel components share at most n sessions.
Contributions. In this paper, we present three main technical contributions: (1) We show that the inclusion between the constituent classes of K is strict (Theorem 4.1).
We have: K 0 ⊂ K 1 ⊂ K 2 ⊂ · · · ⊂ K n ⊂ K n+1 (1.1) Although not very surprising, the significance of this result lies in the fact that it talks about concurrency (via the degree of sharing) but implicitly also about the potential sequentiality of parallel processes. As such, processes in K n are necessarily "more parallel" than those in K n+1 . Interestingly, the degree of sharing in K 0 , . . . , K n can be characterized in a simple way, via a natural condition in the typing rule for parallel composition in Kobayashi's type system for deadlock-freedom (see Fig. 6).
(2) We show that L and K 1 coincide (Theorem 4.2). That is, there are deadlock-free session processes that cannot be typed by systems derived from the Curry-Howard interpretation of session types [CP10,CPT14,Wad12], but that can be admitted by the (indirect) approach of [DGS12]. This result is significant: it establishes the precise status of logically motivated systems (i.e., based on [CP10,CPT14,Wad12]) with respect to previous disciplines, not based on Curry-Howard principles. Indeed, it formally confirms that linear logic interpretations of session types naturally induce the most basic form of concurrent cooperation (sharing of exactly one session), embodied as the principle of "composition plus hiding", a distinguishing feature of such interpretations. (3) We define two rewriting procedures for transforming processes in K into processes in L (Definition 5.9 and 6.17). Intuitively, due to our previous observation and characterization of the degree of sharing in session typed processes, it is quite natural to convert a process in K into another, more parallel process in L. In essence, the first rewriting procedure exploits type information to replace sequential prefixes with representative parallel components; the second procedure refines this idea by considering value dependencies, i.e., causal dependencies between independent sessions, not captured by types. Our rewriting procedures satisfy type-preservation and operational correspondence properties (cf. Theorems 5.1, 5.2, 6.1, and 6.2). These correctness properties not only witness to the significance of our rewriting procedures; they also confirm that the degree of sharing is a subtle criterion for formally distinguishing deadlock-free, session typed processes. Fig. 1 graphically summarizes these contributions. To the best of our knowledge, our work defines the first formal comparison between fundamentally distinct type systems for deadlock freedom in session-typed communications. Previous comparisons, such as the ones in [CDM14] and [CPT14,§6], are informal: they are based on representative "corner cases", i.e., examples of deadlock-free session processes typable in one system but not in some other.
Organization. The paper is structured as follows. Next, § 2 summarizes the session πcalculus and the type system of [Vas12]. In § 3 we present the two typed approaches to deadlock freedom for sessions. § 4 defines the classes L and K, formalizes the hierarchy (1.1), and shows that L = K 1 . In § 5 and § 6 we give the two rewriting procedures of K n into L and establish their correctness properties. Enforcing deadlock freedom by typing is already quite challenging for finite processes (i.e., without infinite behaviors, such as recursion or replication). For this reason, here we concentrate on finite processes; in § 7 we discuss the case of processes with infinite behavior. § 8 compares with related works, and § 9 collects some concluding remarks. Details of proofs are included in the Appendix § A. This paper is a revised version of the workshop paper [DP15], extended with new material: we present full technical details, illustrative examples, and comparisons with related works not presented in [DP15]. Moreover, the first rewriting procedure, presented in [DP15] and given in § 5, has been substantially simplified and its correctness properties have been refined. The second rewriting procedure, based on value dependencies and given in § 6, is new to this paper. The content of § 7 and § 8 is also original to this presentation. P, Q ::= x v .P (output) 0 (inaction) x(y).P (input) P | Q (composition) x l j .P (selection) (νxy)P (session restriction) x {l i : P i } i∈I (branching) v ::= x (channel) (R-Com) (νxy)(x v .P | y(z).Q) → (νxy)(P | Q[ v /z]) (R-Case) (νxy)(x l j .P | y {l i : P i } i∈I ) → (νxy)(P | P j ) j ∈ I (R-Par) P → Q =⇒ P | R → Q | R (R-Res) P → Q =⇒ (νxy)P → (νxy)Q (R-Str) P ≡ P , P → Q, Q ≡ Q =⇒ P → Q

Session πcalculus
We introduce the session π-calculus and the type system by Vasconcelos [Vas12], which ensures communication safety and session fidelity (but not progress nor deadlock-freedom).
2.1. Process Model. Let P, Q, . . . range over processes, x, y, . . . over channel names (or session endpoints), and v, . . . over values; for simplicity, the sets of values and channels coincide. In examples, we use n to denote a terminated channel that cannot be further used. We briefly comment on the syntax of processes, given in Fig. 2 (upper part). Process x v .P denotes the output of v along x, with continuation P . Dually, process x(y).P denotes an input along x with continuation P , with y denoting a placeholder. Rather than the non-deterministic choice operator P + Q of the untyped π-calculus [MPW92], the session π-calculus includes operators for (deterministic) internal and external labelled choices, denoted x l j .P and x {l i : P i } i∈I , respectively. Process x l j .P uses x to select l j from a labelled choice process x {l i : P i } i∈I , so as to trigger P j ; labels are indexed by the finite set I and are pairwise distinct. We also have the inactive process (denoted 0), the parallel composition of P and Q (denoted P | Q), and the (double) restriction operator, noted (νxy)P : the intention is that x and y denote dual session endpoints in P . We omit 0 whenever possible and write, e.g., x n instead of x n .0. Notions of bound/free names in processes are standard; we write fn(P ) to denote the set of free names of P . Also, we write P [ v /z] to denote the (capture-avoiding) substitution of free occurrences of z in P with v. Finally, we follow Barendregt's convention, whereby all channel names in binding occurrences in any mathematical context are pairwise distinct and also distinct from the free names.
The operational semantics is given in terms of a reduction relation, noted P → Q, and defined by the rules in Fig. 2 (lower part). Reduction relies on a standard notion of structural congruence, noted ≡ (see [Vas12]). We write → * to denote the reflexive, transitive closure of →. Observe that interaction involves prefixes with different channels (endpoints), and always occurs in the context of an outermost (double) restriction. Key rules are (R-Com) and (R-Case), denoting the interaction of output/input prefixes and selection/branching constructs, respectively. Rules (R-Par), (R-Res), and (R-Str) are standard. Γ, x : S j ST P ∃j ∈ I Γ, x : ⊕{l i : S i } i∈I ST x l j .P 2.2. Type System. The syntax of session types, ranged over T, S, . . ., is given by the following grammar.
Let T, S range over session types. Above, end is the type of an endpoint with a terminated protocol. The type ?T.S is assigned to an endpoint that first receives a value of type T and then continues according to the protocol described by S. Dually, type !T.S is assigned to an endpoint that first outputs a value of type T and then continues according to the protocol described by S. Type ⊕{l i : S i } i∈I is used for internal choices, and generalises output types; dually, type &{l i : S i } i∈I is used for external choices, and generalises input types. Notice that session types describe sequences of structured behaviours; they do not admit parallel composition operators.
While inspired in syntax of session types in [Vas12], there are some (minor) differences. We only consider channel endpoint types (no bool or other ground types). Vasconcelos [Vas12] uses the notion of pretypes which then leads to session types being either linear or unrestricted, thus giving a more general presentation. In contrast, our session types are linear-the only unrestricted session type is end.
A central notion in session-based concurrency is duality, which relates session types offering opposite (i.e., complementary) behaviors and stands at the basis of communication safety and session fidelity. Given a session type T , its dual type T is defined as follows: Typing contexts, ranged over by Γ, Γ , are sets of typing assignments x : T . Given a context Γ and a process P , a session typing judgment is of the form Γ ST P . We may now settle some useful terminology: Definition 2.1 (Closed and Open Processes). Let Γ ST P . If Γ is empty, we write ST P and say that P is closed ; otherwise, if Γ is non-empty, we say P is open.
Typing rules are given in Fig.3. Rule (T-Nil) states that 0 is well-typed under a terminated channel. Rule (T-Par) types the parallel composition of two processes by composing their corresponding typing contexts. 1 Rule (T-Res) types a restricted process by requiring that the two endpoints have dual types. Rules (T-In) and (T-Out) type the receiving and sending of a value over a channel x, respectively. Finally, Rules (T-Brch) and (T-Sel) are generalizations of input and output over a labelled set of processes.
The main guarantees of the type system are communication safety and session fidelity, i.e., typed processes respect their ascribed protocols, as represented by session types. The following key results are from [Vas12]: Theorem 2.1 (Subject Congruence for Sessions). If Γ ST P and P ≡ Q, then Γ ST Q.
Theorem 2.2 (Type Preservation for Sessions). If Γ ST P and P → Q, then Γ ST Q.
The following notion of well-formed processes is key to single out meaningful typed processes.
Definition 2.2 (Well-Formedness for Sessions). A process is well-formed if for any of its structural congruent processes of the form (ν xy)(P | Q) the following hold.
• If P and Q are prefixed at the same name, then the name performs the same action (input or output, branching or selection).
Importantly, well-typedness of a process does not imply that the process is well-formed. We have the following result: Theorem 2.3 (Type Safety for Sessions [Vas12]). If ST P then P is well-formed.
The following theorem states that a well-typed closed process does not reduce to an ill-formed one. It follows immediately from Theorems 2.2 and 2.3.
2.3. Deadlock-freedom. As motivated in the Introduction, a very desirable liveness property for session π-calculus processes is that they should never "get stuck". Unfortunately, the session type system given in [Vas12] (and summarized above) does not exclude deadlocked processes. Intuitively, this is because typed processes may contain cyclic causal dependencies enforced by communication prefixes in processes but not described by their session types. Indeed, a particularly insidious class of deadlocks is due to cyclic interleaving of channels in processes. Consider the following example: Example 2.3. Process P (νxy)(νwz)(x n .w n | z(t).y(s)) represents the implementation of two independent sessions, which get intertwined (blocked) due to the nesting induced by input and output prefixes. Process P is well-typed in [Vas12]: we have n : end ST P , even if P is unable to reduce.
Below we define deadlock-freedom in the session π-calculus by following [Kob02,Kob06], considering fair reduction sequences as in [CS87]: Definition 2.4 (Deadlock-Freedom for the Session π-calculus). A process P 0 is deadlock-free if for any fair reduction sequence P 0 → P 1 → P 2 → . . ., we have that: This way, a process is deadlock-free if any communication action that becomes active during execution is eventually consumed: its corresponding co-action eventually becomes available, and the two complementary actions synchronize.
Example 2.5. It is easy to see that P in Example 2.3 is not deadlock-free, in the sense of Definition 2.4. A deadlock-free variant of P is P (νxy)(νwz)(x n .w n | y(s).z(t)), which also is typable: n : end ST P . Observe how the difference between P and P is in the parallel component on the right-hand side: the two input prefixes have been swapped.

Two Approaches to Deadlock-Freedom
We introduce two typed approaches to deadlock-free, session π-calculus processes. The first comes from interpretations of linear logic propositions as session types [CP10,CPT14,Wad12] and is described in § 3.1. The second approach, summarised in § 3.2, exploits encodings of session processes and types [DGS12] into usage types for the π-calculus. Based on these two approaches, in § 4 we will formally define the classes L and K.
3.1. Linear Logic Foundations of Session Types. The linear logic interpretation of session types was introduced by Caires and Pfenning [CP10,CPT14], and developed by Wadler [Wad12] and others. Initially proposed for intutitionistic linear logic, here we consider an interpretation based on classical linear logic (CLL) with mix principles, following recent presentations [Cai14,CP17].
The syntax and semantics of processes are as in § 2 except for the following differences. First, we have the restriction construct (νx)P instead of the double restriction (νxy)P . Second, we have a so-called forwarding process, denoted [x ↔ y], which intuitively "fuses" channels/names x and y. Differences in the reduction rules are summarized in Fig. 4. In particular, observe how interaction of input/output prefixes and of selection/branching constructs is no longer covered by an outermost restriction.
As for the type system, we consider the so-called C-types which correspond to linear logic propositions (without exponentials). They are given by the following grammar: Intuitively, ⊥ and 1 are used to type a terminated endpoint. Type A ⊗ B is associated to an endpoint that first outputs an object of type A and then behaves according to B. Dually, type A B is the type of an endpoint that first inputs an object of type A and then continues as B. The interpretation of ⊕{l i : A i } i∈I and &{l i : A i } i∈I as selection and branching behaviors follows as expected. A full duality on C-types exactly corresponds to the negation operator of CLL (·) ⊥ . The dual of type A, denoted A, is inductively defined as follows: 1 Recall that A B A B. As explained in [Cai14], considering mix principles means admitting ⊥ 1 and 1 ⊥, and therefore ⊥ = 1. We write • to denote either ⊥ or 1, and decree that • = •.
Typing contexts are sets of typing assignments x : A; they are ranged over ∆, ∆ , . . .. The empty context is denoted ' · '. Typing judgments are of the form P CH ∆. Fig. 5 gives the typing rules associated to the linear logic interpretation. Salient points include the use of bound output (νy)x y .P , which is abbreviated as x(y)P . Another highlight is the "composition plus hiding" principle implemented by Rule (T-cut), which integrates parallel composition and restriction in a single rule. Indeed, unlike the system in [Vas12], there is no dedicated rule for restriction. Also, Rule (T-mix) enables to type the independent parallel composition of processes, i.e., the composition of two processes that do not share sessions.
We now collect main results for this type system; see [CPT14,Cai14,CP17] for details. We first state type preservation: Theorem 3.1 (Type Preservation for C-Types). If P CH ∆ and P − − → Q then Q CH ∆.
We now state deadlock-freedom. For any P , define live(P ) if and only if P ≡ (ν n)(π.Q | R), where π is an input, output, selection, or branching prefix.
3.2. Deadlock-Freedom by Encodability. The second approach to deadlock-free session processes is indirect, in the sense that establishing deadlock-freedom for session processes appeals to encodings into a polyadic π-calculus with usage types [Kob02,Kob06], for which typability enforces deadlock freedom. Next we introduce the syntax of the polyadic π-calculus ( § 3.2.1), the discipline of usage types ( § 3.2.2), and the encodings of session processes and types into polyadic π-calculus processes and usage types, respectively ( § 3.2.4).
3.2.1. Processes. The syntax and semantics of the π-calculus with usage types build upon those in § 2, with three modifications. First, communication is polyadic (tuples of values) rather than monadic. Rather than branching and selection constructs, we consider a case construct, denoted case v of {l i x i P i } i∈I , which uses the variant value l j v. Moreover, we use the channel restriction (νx)P , rather than double restriction. Finally, the reduction rules are as follows: The definition of deadlock-freedom for this calculus mirrors Definition 2.4: Definition 3.1 (Deadlock Freedom for the polyadic π-calculus). A process P 0 is deadlockfree under fair scheduling, if for any fair reduction sequence P 0 → P 1 → P 2 → · · · the following hold: 3.2.2. Usage Types. Usage types rely on obligations and capabilities, which are endowed with so-called levels to describe inter-channel dependencies: • An obligation of level n must be fulfilled by using only capabilities of level less than n. Said differently, an action of obligation n must be prefixed by actions of capabilities less than n. • For an action with capability of level n, there must exist a co-action with obligation of level less than n or equal to n. The obligation o and capability κ range over the set of natural numbers. The syntax of usages U, U , . . . and usage types T, T , . . . is defined by the following grammar: (channel types) | l : T i∈I (variant type) A usage ? o κ .U (resp. ! o κ .U ) is associated to a channel that can be used once for input (resp. output) and then according to usage U . We let α range over '?' and '!'. The usage U 1 | U 2 can be associated to a channel that is used according to U 1 by one process and according to U 2 by another process in parallel. Usage ∅ describes a channel that cannot be used at all. We will often omit ∅, and so we will write U instead of U.∅. Types build upon usages. Let T indicate a sequence T 1 . . . T n , for some natural n. Type U [ T ] describes channels that behave according to usage U with payload T 1 . . . T n . Type l : T i∈I is a variant type, namely a disjoint union of labelled types, where labels l i for all i ∈ I are all disjoint.
Typing contexts are sets of typing assignments x : T ; they are ranged over Γ, Γ . Before introducing typing judgments and commenting on the typing rules, given in Fig. 6, we present some important auxiliary notions, extracted from [Kob02,Kob06].
Definition 3.2 (Auxiliary Operators). The type system uses the following auxiliary operators and notions: (1) Rules (Tπ-Parn) and (Tπ-Out) use the composition operation on types, denoted | . It is defined as follows: The generalisation of | to typing contexts, denoted (Γ 1 | Γ 2 )(x), is defined as expected.
(2) The unary operation ↑ t applied to a usage U lifts its obligation level up to t; it is defined inductively as: The ↑ t operation extends to types and typing contexts as expected.
(3) Rules (Tπ-In) and (Tπ-Out) use the operator " ; ", which combines a type assignment x : α o κ [T ] and a context Γ into a new context ∆ as follows: (4) Duality on usage types is used to define the important notion of reliable usage (Definition 3.5); it simply exchanges ? and !: Definition 3.3. Let U be a usage. The input and output obligation levels (resp. capability levels) of U , written ob ? (U ) and ob ! (U ) (resp. cap ? (U ) and cap ! (U )), are defined as: The reduction relation on usages, noted U → U , intuitively says that if a channel with usage U is used for communication, then it should be used according to U afterwards: Definition 3.4 (Usage reduction). Let ≡ be the least equivalence relation on usages defined by the rules U 1 | U 2 ≡ U 2 | U 1 and (U 1 | U 2 ) | U 3 ≡ U 1 | (U 2 | U 3 ) (cf. [Kob06]). The reduction relation → on usages is the smallest relation closed under the following rules: The reflexive, transitive closure of → (written → * ) and its generalization to to typing contexts Γ are defined as expected.
3.2.3. Typing Rules. Typing judgments are of the form Γ n KB P : the annotation n ≥ 0 is the main difference with respect to the rules in Kobayashi's systems [Kob02,Kob06]-it explicitly denotes the greatest degree of sharing admitted in parallel processes. Considering this, the typing rules for the π-calculus with usage types are given in Fig. 6. Rule (Tπ-Nil) states that the terminated process is typed under a terminated channel. Rule (Tπ-Res) states that process (νx)P is well-typed if the usage for x is reliable (cf. Definition 3.5). Rules (Tπ-In) and (Tπ-Out) type input and output processes with polyadic communication in a typing context where the " ; " operator (Definition 3.2(3)) is used in order to increase the obligation level of the channels in continuation P . Rules (Tπ-LVal) and (Tπ-Case) type a choice: the first types a variant value with a variant type; the second types a case process using a variant value as its guard. Figure 7: Encoding of session π-processes into polyadic π-calculus processes.
Given a degree of sharing n ≥ 0, Rule (Tπ-Parn) states that the parallel composition of processes P and Q (typable under contexts Γ 1 and Γ 2 , respectively) is well-typed under the typing context Γ 1 | Γ 2 only if |Γ 1 ∩ Γ 2 | ≤ n. One may view Rule (Tπ-Parn) is as a "rule scheme" with different instances, one for each different value of n. This allows to simply characterize the "concurrent cooperation" between P and Q. As a consequence, if P n KB then P k KB , for any k ≤ n. Observe that the corresponding typing rule in [Kob02,Kob06] is the same as (Tπ-Parn), except for condition |Γ 1 ∩ Γ 2 | ≤ n, which is not specified.
The next theorems imply that well-typed processes by the type system in Fig. 6 are deadlock-free, in the sense of Definition 3.1: Theorem 3.3 (Type Preservation for Usage Types (Theorem 1 in [Kob06])). If Γ n KB P and P → Q, then Γ n KB Q for some Γ such that Γ → Γ . By Definition 3.4, if Γ → Γ then dom(Γ) = dom(Γ ). Consequently, n is preserved under reduction; this is why in the above statement we have Γ n KB Q. Theorem 3.4 (Deadlock Freedom). If ∅ n KB P and either P ≡ (νx)(x( z).P | R) or P ≡ (νx)(x v .P | R), then P → Q, for some process Q.
Corollary 3.6. If ∅ n KB P , then P is deadlock-free, in the sense of Definition 3.1. It is worth noticing how both Theorem 3.2 and Theorem 3.4 have similar formulations: both properties state that processes can always reduce if they are well-typed (under the empty typing context) and have an appropriate structure (cf., condition live(P ) in Theorem 3.2 and condition P ≡ (νx)(x( z).Q | R) or P ≡ (νx)(x v .Q | R) in Theorem 3.4).

Encodings of Processes and Types.
To relate classes of (typed) processes obtained by the different type systems given so far, we use encodings. To rewrite a session typed process into a usage typed process, we follow a continuation-passing style: this allows us to mimic the sequential structure of a session by sending its continuation as a payload over a channel. This encoding is denoted · f , where f is a mapping from channels to fresh names (see Fig. 7); it was suggested in [Kob07] and developed in [DGS12].
We also need to formally relate session types and logic propositions to usage types. To this end, we have encodings of types · su and · c , both given in Fig. 8. (The encoding · su is taken from [DGS12].) We now extend these encodings to typing contexts: Definition 3.7. Let Γ be a session typing context. The encoding · f into usage typing contexts and · c into C-typing contexts is inductively defined as follows: The following result connects our encodings of types and the notion of duality: Proof. The proof is by induction on the duality relation of session types.
3.2.5. On Deadlock Freedom by Encoding. The next results relate deadlock freedom, typing and the encodings in [DGS12], thus formalising the indirect approach to deadlock-freedom.
Proposition 3.9. Let P be a deadlock-free session process, then P f is a deadlock-free πprocess.
Proof. Follows by the encoding of terms given in Fig. 7, Definition 2.4 and Definition 3.1.
Next we recall an important result relating deadlock freedom and typing, by following [CDM14].
Corollary 3.10. Let ST P be a session process. If n KB P f is deadlock-free then P is deadlock-free.
Having introduced the two typing frameworks for deadlock-freedom, we now move on to establish formal relationships between them.

A Hierarchy of Deadlock-Free Session Typed Processes
4.1. The Classes L and K. We formally define the classes L and K intuitively described in the Introduction. To this end, we require some auxiliary definitions. The following translation addresses minor syntactic differences between session typed processes (cf. § 2) and the processes typable in the linear logic interpretation of session types (cf. § 3.1). Such differences concern free output actions and the double restriction operator: Definition 4.1. Let P be a session process. The translation { {·} } is defined as and as an homomorphism for the other process constructs.
Let · c denote the encoding of session types into linear logic propositions in Fig. 8 (right).
Recall that · f stands for the encoding of processes and · su for the encoding of types, given here in Fig. 7 and Fig. 8 (left), respectively. We may then formally define the languages under comparison as follows: Definition 4.2 (Typed Languages). The languages L and K n (n ≥ 0) are defined as follows: n KB P f ) Both L and K n contain session π-calculus processes as defined in § 2. In words, processes in L are those session π-calculus processes that are typable in the system of § 3.1, up to the translation on processes { {·} } and the encoding on types · c . Similarly, given n ≥ 0, the set of typed processes K n contains all session π-calculus processes that are typable under Kobayashi's type systems with a degree of sharing up to n.
Notice that L and K n contain both open and closed processes (cf. Definition 2.1). As informally discussed in the introduction, processes in L and K n satisfy the progress property, defined in [CD10] and further studied in [CDM14]. As a consequence: • Closed processes in L and K n (i.e., those typable with Γ = ∅) are deadlock-free, respectively by following Theorem 3.2, and by the indirect approach formalised by Theorem 3.4 and Definition 3.1 and Corollary 3.10. • Open processes in L and K n (i.e., those typable with Γ = ∅) are stuck: they lack their communicating counterpart described by Γ. This counterpart will be formalized as a catalyzer [CD10] that allows an open process to further reduce, thereby "unstucking it". Although we are interested in the (sub)class of processes that satisfy deadlock freedom, we have defined L and K n more generally as processes satisfying progress; this simplifies the definition and presentation of our technical contributions.

Main Results.
Our first observation is that there are processes in K 2 but not in K 1 : Proof. K 2 contains (deadlock-free) session processes not in K 1 . A representative example is: This process is not in K 1 because it involves the composition of two parallel processes which share two sessions. As such, it is typable in n KB (with n ≥ 2) but not in 1 KB . The previous result generalizes easily, so as to define a hierarchy of deadlock-free, session processes: Proof. Immediate by considering one of the following processes, which generalize process P 2 in the proof of Lemma 4.3: To distinguish K n+1 from K n , we consider P n+1 if n + 1 is even and Q n+1 otherwise.
One main result of this paper is that L and K 1 coincide. Before stating this result, we make the following observations. The typing rules for processes in L do not directly allow free output. However, free output is representable (and typable) by linear logic types by means of the transformation in Definition 4.1. Thus, considered processes are not syntactically equal. In L there is cooperating composition (enabled by Rule (T-cut) in Fig. 5); independent composition can only be enabled by Rule (T-mix). Arbitrary restriction is not allowed; only restriction of parallel processes.
The following property is key in our developments: it connects our encodings of (dual) session types into usage types with reliability (Definition 3.5), a central notion to the type system for deadlock freedom in Fig. 6. Recall that, unlike usage types, there is no parallel composition operator at the level of session types. In the following proposition, we extend the reliability predicate to channel types in the expected way, namely rel(U [ T ]) = rel(U ).
Proposition 4.4. Let T be a session type, and let · su be the encoding of session types into usage types given in Fig. 8. Then rel( T su | T su ) holds.
Proof. We must show how to build an assignment of obligations and capabilities for the encoding · su in a way that the predicate rel(·) holds. The proof proceeds by induction on the structure of T , using Lemma 3.8 (encodings of types preserve session type duality).
, and trivially rel( T su | T su ) holds.
• T = &{l i : S i } i∈I , for some S i and i ∈ I. By definition of duality, T = ⊕{l i : , and trivially rel( T su | T su ) holds. • T = ⊕{l i : S i } i∈I , for some S i and i ∈ I: similar to the previous case.
We then have the following main result, whose proof is detailed in § A.1 (Page 36): Therefore, we have the following corollary, which attests that the class of deadlock-free session processes naturally induced by linear logic interpretations of session types (cf. § 3.1) is strictly included in the class induced by the indirect approach of [DGS12] (cf. § 3.2).
The fact that (deadlock-free) processes such as P 2 (cf. Lemma 4.3) are not in L is informally discussed in [CPT14,§6]. However, [CPT14] gives no formal comparisons with other classes of deadlock-free processes.
Having established differences between deadlock-free session π-calculus processes in L and K n , we now move on to explore whether a process in K n can be transformed/rewritten, in a type-preserving manner, into an L process.

Rewriting K n into L
The hierarchy of deadlock-free session processes established by Theorem 4.1 is subtle in the following sense: if P ∈ K k+1 but P ∈ K k (with k ≥ 1) then we know that at least one subprocess of P must become more independent (concurrent) in order to be typable under the lesser degree of sharing k. We illustrate this insight by means of an example: Example 5.1. Recall process P 2 in Lemma 4.3: We have that P 2 ∈ K 2 . Consider now the following variant of P 2 , in which the left subprocess has been kept unchanged, but the right sub-process has been modified to increase concurrency: .0) Indeed, by considering a more concurrent variant of sub-process b 1 n . b 2 (z), we have that P 2 ∈ K 1 .
Here we propose a rewriting procedure that converts any typable session process into L. This way, the rewriting into K 1 will follow as a corollary. The rewriting procedure, given in § 5.2, follows the (simple) idea of Example 5.1: given a parallel process as input, return as output a process in which one of the components is kept unchanged, but the other is rewritten by using representatives of the sessions implemented in it, composed in parallel. Such parallel representatives are formally defined as characteristic processes and catalyzers, which we introduce next. The rewriting procedure is type preserving and satisfies operational correspondence; this is the content of Theorems 5.1 and 5.2. Example 5.10 illustrates the rewriting procedure for P 2 as in Lemma 4.3.
While intuitive, the rewriting procedure in § 5.2, however, does not preserve the so-called value dependencies between independent sessions. Such dependencies are generated, for instance, when a session forwards a value previously received along a different session; see, e.g., the left sub-process of P 2 and P 2 above but also Example 6.1 below. To solve this issue, in § 6 we shall define an optimized rewriting procedure that uses value dependencies as statically captured by a conservative extension of the session type system in § 2.2. As we will see, this optimized rewriting procedure enjoys also type preservation and operational correspondence (cf. Theorems 6.1 and 6.2).

Characteristic Processes and Catalyzers.
Before presenting our first rewriting procedure, let us first introduce some preliminary notions and results. The characteristic process of a session type intuitively represents the smallest process in L that inhabits that type. We find it convenient to define characteristic processes as a set of processes: Definition 5.2 (Characteristic Processes of a Session Type). Let T be a session type (cf. § 2). Given a name x, the set of characteristic processes of T , denoted { |T | } x , is inductively defined as follows: The notion of characteristic process extends to typing contexts simply by composing in parallel independent characteristic processes, one for each of the session types declared in the context. This is to reflect the fact that sessions in a context declare independent structures of communication.
Definition 5.3 (Characteristic Process of a Session Typing Context). Given a context Γ = w 1 :T 1 , . . . , w n :T n , we shall write { |Γ| } to stand for the set Characteristic processes are well-typed in the system of § 3.1, given in Fig. 5: Lemma 5.4. Let T be a session type and Γ be a session environment. ( Proof. The proof of Part 1 is by induction on the structure of T . The proof of Part 2 is by induction on the size of Γ, using Part 1. See § A.2 for details. Building upon characteristic processes, we now define catalyzers: a catalyzer for a typing context is a process context that implements the behaviors declared in it. Below, we use [·] to denote a hole and C[·], C [·], . . . to denote process contexts/catalyzers. Definition 5.5 (Catalyzers). Given a session typing context Γ, we define its set of associated catalyzers, noted C Γ , inductively as follows: For convenience, given a context Γ, let us write Γ to denote the context obtained by applying duality in all the types declared in Γ. The following statements formalize the complementarity, in terms of session behaviors, between a well-typed process in L and its associated catalyzers: Proof. Follows immediately by Definition 5.5.

Rewriting Session Processes into L.
Our rewriting procedure transforms a sessiontyped process into a set of L processes. Unsurprisingly, a delicate point in this rewriting is the treatment of parallel composition. Roughly speaking, given a well-typed session process P 1 | P 2 , our procedure produces two sets of processes: the first one collects processes of the form P 1 | G 2 , where G 2 is a characteristic process that implements all sessions declared in the typing of P 2 ; similarly, the second set collects processes of the form G 1 | P 2 , where G 1 is a characteristic process that implements all session declared in the typing for P 1 . This way, by keeping one sub-process unchanged and replacing the other with parallel representatives (G 1 and G 2 ), the resulting processes are more independent, and the circular dependences that are at the heart of deadlocked processes are systematically ruled out. We require some auxiliary notations. First, we find it convenient to annotate bound names in processes with session types: we write (νxy : T )P and x(y : T ).P , for some session type T . Also, we use the following notation for well-typed parallel processes, in which "hidden" sessions are explicitly denoted by brackets: Notation 5.8 (Hidden/Bracketed Sessions). We shall write We are now ready to give the first rewriting procedure from session processes into L: Definition 5.9 (Rewriting into L). Let P be such that Γ ST P and P ∈ K n . The set of L processes Γ ST P is defined in Fig. 9.
The rewriting procedure operates on typing judgments: a well-typed session process is rewritten depending on the information declared in its typing context. Notice that the procedure could be defined for arbitrary, possibly deadlocked session processes, although membership in K n plays a role in operational correspondence (see below). We discuss the different cases of the definition: • The case when the process is 0 is immediate; it is rewritten into the singleton set {0} if the associated typing context contains only completed sessions. Indeed, we consider the general case in which there is more than one completed session. • The rewriting of output-and input-prefixed processes is self-explanatory; in the case of output, we rewrite the free output available in K n by exploiting a forwarding process in L (cf. Definition 4.1). The rewriting of selection and branching processes also follows expected lines. • The last case of the definition handles processes in parallel, possibly with restricted sessions; we use Notation 5.8 to make such sessions explicit. As hinted at above, the rewriting of a parallel process (ν x y : S)(P 1 | P 2 ) in K n results into two different sets of L processes: the first set contains processes of the form C 1 [Q 1 ] | G 2 , where, intuitively: • Q 1 belongs to the set that results from rewriting sub-process P 1 with an appropriate typing judgment; • C 1 belongs to the set of catalyzers that implement the dual behaviors of the sessions implemented by P 1 (cf. Definition 5.5); • G 2 belongs to the set of characteristic processes for Γ 2 , the context that contains the sessions implemented by P 2 (cf. Definition 5.3). The intuitive explanation for processes in the second set, which are of the form G 1 | C 2 [Q 2 ], is completely dual. As we will see, processes C 1 [Q 1 ] | G 2 (and G 1 | C 2 [Q 2 ]) will preserve the typing of (ν x y : S)(P 1 | P 2 ) by construction: process C 1 [Q 1 ] (resp. C 2 [Q 2 ]) is typable with context Γ 1 (resp. Γ 2 ); process G 2 (resp. G 1 ) is typable with context Γ 2 (resp. Γ 1 )see Theorem 5.1 below.
We illustrate the rewriting procedure by means of an example.
Example 5.10 (Rewriting · at work). Consider again the process P 2 used in Lemma 4.3. Let T !end.end and S ?end.end. Clearly, S = T . We have the following derivation. (T-In) Before giving the set n : end ST P 2 , we spell out the main ingredients required: Exploiting the above (and Notation 5.8), we may now define the rewriting of P 2 into L: It is easy to see that the cardinality of P will depend on the number of parallel components in P . In the above example, P 2 has two parallel components and so n : end ST P 2 has two elements, representing the two different possibilities for "dividing" the sequential structure of P 2 into more parallel processes.
We present two important results about our rewriting procedure. First, it is type preserving: Proof. By induction on the derivation Γ ST P . See § A.3 for details.
Theorem 5.1 is meaningful, for it says that the type interface of a process (i.e., the set of sessions it implements) is not modified by the rewriting procedure. That is, · modifies the process structure by closely following the causality relations described by (session) types.
The rewriting procedure also satisfies the following operational correspondence result. Let us write Γ ST P 1 , P 2 whenever both Γ ST P 1 and Γ ST P 2 hold. Similarly, let us write P 1 , P 2 CH Γ, whenever both P 1 CH Γ and P 2 CH Γ hold. The following definition is useful to relate two processes in terms of parallel decompositions of them that preserve typing: Definition 5.11. Let P, Q be processes such that P, Q CH Γ. We write P Q if and only if there exist processes P 1 , P 2 , Q 1 , Q 2 and contexts Γ 1 , Γ 2 such that the following hold: Before introducing the operational correspondence, let → denote structural congruence extended with a reduction by Rule (R-Fwd) (cf. § 3.1). We may now state: Theorem 5.2 (Operational Correspondence for · ). Let P be such that Γ ST P for some typing context Γ. Then, we have: (1) If P → P , then for all Q ∈ Γ ST P there exists Q such that: (2) If Q ∈ Γ ST P , such that P ∈ K n , and Q → → Q , then there exists P such that: Proof. By induction on the length of the derivations P → P and Q → Q . See § A.4 for further details.
Intuitively, Part 1 of Theorem 5.2 certifies that the rewriting procedure tightly preserves the behavior of the session process that is given as input. The use of the relation (cf. Definition 5.11) is required only in one sub-case, which concerns one of the two possibilities induced by the rewriting of parallel processes. Part 2 compares the behavior of a rewritten process with respect to that of the session process given as input. Unlike Part 1, here we require P to be in K n , i.e., P must be deadlock-free, for the correspondence to hold. Indeed, if P is not in K n then the operational correspondence with Q (the deadlock-free, rewritten variant of P ) would not hold, as Q could have reductions not enabled in P due to deadlocks.

Rewriting K n into L Exploiting Value Dependencies
The syntax of processes can induce causality relations not described by session types. One kind of such causality relations are those at the heart of deadlocked processes, in which unfortunate session interleavings in process actions cause circularities (i.e., circular dependencies) between independent sessions. In fact, this is one of the reasons why many type systems for sessions admit deadlocked processes as well-typed.
Another kind of causality relations occurs when independent sessions are related by means of the value exchanges performed by processes: if one session outputs a value previously received in a different session, then a causality relation between these two sessions is created. Observing these value dependencies entails gathering information from the type of the process, but also from its syntactic structure.
Example 6.1 (A Value Dependency). Consider the process Intuitively, the leftmost parallel process, a 0 n .a 1 (u).a 2 u .0, is a forwarder for a session w delegated by the rightmost parallel process, (νwz)(b 1 w .z n .0). Let U ?end.end, then we have the following typing judgments: a 0 : !end.end, a 1 : ?U.end, a 2 : !U.end ST a 0 n .a 1 (u). a 2 u .0 a 1 : ?U.end, a 2 : !U.end, b 2 : ?U.end, b 1 : !U.end ST P Although a 1 and a 2 are independent (unrelated) sessions according to the above typing judgment for a 0 n .a 1 (u).a 2 u .0, they are actually causally related, because the value of type U received on a 1 is sent along a 2 .
Value dependencies are thus a particular class of causality relations. In the terminology of Boreale and Sangiorgi [BS98], value dependencies are both subject and object dependencies, in the following (informal) sense: in process a 0 n .a 1 (u).a 2 u .0 there is a subject dependency in that the input on a 1 enables the output on a 2 ; there is an object dependency in that the bound name in the input on a 1 is used as object in the output on a 2 . Indeed, Boreale and Sangiorgi argue that in most cases an object dependency is also a subject dependency.
Unfortunately, the rewriting procedure · given in Definition 5.9 does not preserve value dependencies: in rewriting a process with parallel components, a sub-process containing a value dependency can be replaced by an equally typed process in which such a dependency is no longer present, as illustrated by the following example.
Example 6.2. Let process P and type U be as in Example 6.1. Consider the set of processes a 1 : ?U.end, a 2 : !U.end, b 1 : !U.end, b 2 : ?U.end ST P . One arbitrary process in this set is the following: where G a 1 ∈ { |?U.end| } a 1 and G a 2 ∈ { |!U.end| } a 2 . Since G 1 and G 2 are independently defined, the session name received along a 1 in G a 1 cannot be the same session sent along a 2 in G a 2 . Indeed, the value dependence between a 1 and a 2 present in P , has disappeared in Q as a result of the rewriting.
In the following, we will introduce an optimized rewriting procedure that preserves value dependencies (cf. Definition 6.17). The optimization is in the following steps: (1) We (statically) track value dependencies in processes by conservatively extending the type system of § 2. Using the extended type system, we formally define value dependencies in Definition 6.6. (2) We revise the notions of characteristic processes and catalyzers to jointly treat pairs of independent sessions tied together by a value dependency. This is given by Definition 6.8 and Definition 6.12. (3) We use these revised notions to define a new rewriting procedure of K n into L, given by Definition 6.17. These optimized procedure, denoted · V , enjoys type preservation and operational correspondence, as given by Theorem 6.1 and Theorem 6.2, respectively. Next, § 6.1, § 6.2, and § 6.3 present the above steps in order.
6.1. A Session Type System for Value Dependencies. We will consider an extension of the session type system in § 2, in which typing judgments are of the form where context Ψ contains triples (a, x, n) and a, x, n , with n ≥ 0: while the first triple denotes an input of object x along subject a, the latter denotes output prefixes. As a result, the Ψ context in Γ Ψ ST P will describe all communication prefixes in P and their distance to top-level. Indeed, the n in (a, x, n) and a, x, n helps us to track the position of the process prefix in relation to its session type, and to handle several value dependencies along a certain name. To this end, we consider annotated variants of input and output session types, written ! n S.T and ? n S.T -other types remain unchanged, for they do not involve passing of values. The typing rules required for supporting Ψ and annotated session types are in Fig. 10; they make use of the following auxiliary notions.
x : end ∅ ST 0 (T-NilD) Definition 6.3. Given a session type S and contexts Ψ and Γ, operations S + and Ψ + and Γ + simply increment annotations in types and in triples: a, x, n)) + Ψ + , (a, x, n + 1) (? n S.T ) + ? n+1 S.T + (Ψ, a, x, n ) + Ψ + , a, x, n + 1 We shall write Ψ ↓ x to denote the result of "projecting" Ψ onto name x, giving the set containing all tuples in which x appears free, namely as input subject, output subject or output object. Formally, this projection is defined as follows.
Definition 6.4 (Projection of Ψ). Let Ψ be a context, and x a name.
x, n ∈ Ψ, for some name w and n ≥ 0} Given this notion of projection, we can now define the decomposition of context Ψ under names x and y: Definition 6.5 (Decomposition of Ψ). Let Ψ be a context, and x and y names. The decomposition of Ψ under x and y is defined as follows: It is important to notice that the encoding of types given in Fig. 8 and of typing contexts in Definition 3.7 are not influenced by the presence of type annotations.
We discuss the new typing rules for sessions with value dependencies, given in Fig. 10. The most interesting cases are (T-InD) and (T-OutD), which record communication subjects and objects as they occur in the typed input and output process, respectively. Observe that the number annotation is used to track the "distance" from top-level, which in the case of top-level input or output is clearly 0. Then, the annotations related to the continuation process P are incremented, captured by S + and Ψ + (cf. Definition 6.3). Rule (T-ParD) simply combines the prefix information in the parallel sub-processes; this is expected, since the purpose of Ψ is to track prefix (sequential) information. Rule (T-ResD) uses the decomposition of Ψ given by Definition 6.5. The context Ψ used to type process P is decomposed under names x and y, and the remaining context Ψ is used to type the restriction (νxy)P . The rationale behind this rule is: since Ψ is used to track free names in P , then triples where x and y occur free need to be removed from Ψ in order to type (νxy)P , thus yielding Ψ . Remaining rules are self-explanatory.
It is immediate to see that main results for the type system in § 2 (Theorems 2.2 and 2.3) extend easily to the type structure augmented with Ψ and annotations in input and output session types.
Given a typed process Γ Ψ ST P , we are interested in the value dependencies induced by process prefixes, but not captured by Γ. We have the following definition: Definition 6.6 (Value Dependencies). Let P be a process such that Γ Ψ ST P . The value dependencies of P are given by the set Ψ , defined as Ψ [a n , b m ] | ∃y.(a, y, n) ∈ Ψ ∧ b, y, m ∈ Ψ Thus, [a n , b m ] denotes a value dependency of an (output) prefix along session b on an (input) prefix along session a. It may be read as: "b, which is m prefixes away from top-level, depends on the value received on a, which is n prefixes away from top-level".
In writing [a n , b m ], annotations n, m are useful to capture the fact that two sessions may feature more than one value dependency. As a simple example, it is not difficult to specify a process in which sessions a : ? n 1 T.! n 2 U.S 1 and b : ! m 1 T.? m 2 U.S 2 have two dependencies: first on the value of type T , then on the value of type U (clearly, we could have that U = T , but this is irrelevant). This means that pairs [a n 1 , b m 1 ] and [a n 2 , b m 2 ] both are in the set of value dependencies of the process using sessions a and b.
Example 6.7. Consider process a n .b(u).c u .0, which is similar to sub-process a 0 n .a 1 (u).a 2 u .0 from Example 6.1. Using the extended type system (Fig. 10), we have the following typing derivation:  , 1), c, u, 2 ST a n .b(u).c u .0 (T-OutD) Therefore, we can now statically track the value dependency [b 1 , c 2 ], which is read as "c, which is two prefixes away from top-level, depends on the value received on b, which is one prefix away from top-level". It is then easy to see that sub-process a 0 n .a 1 (u).a 2 u .0 will have a value dependency [a 1 1 , a 2 2 ].
6.2. Characteristic Processes and Catalyzers. We now exploit both the value dependencies Ψ and the (annotated) context Γ to refine the definition of characteristic processes and catalyzer contexts.
The key idea is simple: given a dependency [a n , b m ] between two sessions a : ? n T.S 1 and b : ! m T.S 2 , rather than implementing two separate characteristic processes for the two sessions, we will implement the detected dependency through an auxiliary "bridging" session c ab that is hidden and intertwined within the two characteristic processes. To this end, we first revisit Definition 5.2, as follows: Definition 6.8 (Characteristic Processes of a Session Type, with Value Dependencies). Let Ψ be a context. Given a name x, the set of characteristic processes of the (annotated) session type T under Ψ, denoted ( (T ) ) x Ψ , is inductively defined as follows: Changes with respect to Definition 5.2 are in the cases of input and output types, which now implement an additional session if, according to Ψ, the respective sessions are involved in a value dependency. Indeed, the definition of ( (? n T.S) ) x Ψ forwards the value received on x along a channel c xz whenever sessions along x and z are related via a value dependency. Accordingly, the first action in the definition of ( (! n T.S) ) x Ψ is an input along c xz : the received value will be emitted along x, thus completing the intended forwarding.
The definition of characteristic process is the key contribution of this section where the value dependencies are captured via the auxiliary "bridging" session c xz . This new definition triggers modifications in the rest of the technical development, being the definition of catalyzer and of rewriting procedure, which we are going to present later in this section.
Using this refined definition of characteristic processes, we may now revisit Definition 5.3 to define the characteristic processes of a typing context. In order to ensure type preservation (cf. Lemma 6.11 below), the main difference is the need for outermost restrictions that hide the behavior along auxiliary sessions created in Definition 6.8 (such as c xz ): Definition 6.9 (Characteristic Processes of a Session Typing Context, with Value Dependencies). Given contexts Γ = w 1 :T 1 , . . . , w n :T n and Ψ, we define the set Example 6.10. Consider Γ 1 and Ψ 1 as in Example 6.7 for sub-process a 0 n .a 1 (u).a 2 u .0: Γ 1 a 0 : ! 0 end.end, a 1 : ? 1 U.end, a 2 : ! 2 U.end Ψ 1 a 0 , n, 0 , (a 1 , u, 1), a 2 , u, 2 By Definition 6.6, Ψ = {[a 1 1 , a 2 2 ]} and so we have a value dependency between a 1 and a 2 . We then have that set ( (Γ 1 ) ) Ψ 1 is a singleton containing the process: a 1 a 2 )(a 1 (u).c a 1 a 2 Characteristic processes with value dependences are well-typed in the system of § 6 (cf. Fig. 10): Lemma 6.11. Let T be an annotated session type and Γ, Ψ session typing contexts, respectively.
Proof. The proof of Part 1 is by induction on the structure of session type T . Because of Definition 6.9, the proof of Part 2 follows from Part 1. See § A.5 for details. Lemma 6.11 in Part 1 shows explicitly the use of the auxiliary sessions, which are captured by the typing context ∆. This is a key difference with the corresponding result in the previous section, given by Lemma 5.4.
We now revisit the definition of catalyzer contexts: Definition 6.12 (Catalyzers, with Value Dependencies). Given session typing contexts Γ and Ψ, we define its set of associated catalyzers, noted C Ψ Γ , as follows: Notice that while Definition 5.5 defines catalyzers inductively on the structure of a given context Γ, by composing independent characteristic process for each type, the definition above considers a single characteristic process obtained via Definition 6.9 above. This is necessary, for independent sessions in Γ may now be related by value dependencies.

Rewriting Session Processes into L Exploiting Value Dependencies.
We may now give the revised rewriting procedure with value dependencies, denoted · V . The cases for (bound) output and parallel composition rely on the following extension of Notation 5.8, which annotates type judgments with "discarded" portions of contexts: Notation 6.16 (Hidden/Bracketed Sessions, Extended). Consider the following notations: Figure 11: Rewriting procedure · V .
We discuss the key differences between · (Definition 5.9) and · V above. The first five cases are the expected extension of · with context Ψ and with annotated types, using Notation 6.16 in the case of output. Main differences arise in the rewriting of the typed parallel composition of P 1 and P 2 . The first line of the definition specifies how the rewriting leads to process of the form C 1 [Q 1 ] | G 2 , in which the right-hand side of the parallel is generated: • Process Q 1 results from applying the rewriting procedure on P 1 . • The catalyzer context C 1 "closes" open sessions in Q 1 ; this context is obtained using Definition 6.12 to preserve the value dependencies in P 2 (denoted Ψ 2 , Ψ y above). • Process G 2 is obtained using Definition 6.9 to preserve the value dependencies in P 2 . Following similar lines, the second line of the definition specifies how rewriting leads to process of the form G 1 | C 2 [Q 2 ], in which the left-hand side of the parallel is generated.
Overall, we exploit and preserve value dependencies both when generating the new portion of the parallel process (i.e., G 1 and G 2 ) but also when closing the portions of the original process which are kept unchanged by the procedure (i.e., C 1 and C 2 ).
To illustrate how the refined rewriting procedure · V improves over · , we revisit Examples 6.1 and 6.2, which illustrated the loss of value dependencies induced by · .
As a sanity check, we now state the analogues of Theorem 5.1 and Theorem 5.2 for the second rewriting procedure: Theorem 6.1 (Rewriting · V is Type Preserving). Let Γ, Ψ ST P . Then, for all Q ∈ Γ, Ψ ST P V , we have that Q CH Γ c .
Proof. By induction on the derivation Γ ST P . See § A.6 for details.
Theorem 6.2 (Operational Correspondence for · V ). Let P be such that Γ, Ψ ST P for some Γ, Ψ. Then we have: (1) If P → P , then for all Q ∈ Γ, Ψ ST P V there exists Q such that: (2) If Q ∈ Γ, Ψ ST P V , such that P ∈ K n , and Q → → Q , then there exists P such that: Proof. By induction on the length of the derivations (P → P and Q → Q ), following the structure of the corresponding proof for · (cf. Theorem 5.2 and § A.4).

Discussion: The Case of Infinite Processes
Our investigation has been motivated by the proliferation of different type systems for ensuring safety and liveness properties of mobile, concurrent processes. Different type systems enforce different such properties, which include various forms of (dead)lock-freedom, termination, and confluence. In this work, our criteria have been twofold. On the one hand, we have aimed at obtaining objective formal comparisons between well-established systems, sticking to their original formulations as much as possible. On the other hand, we have concentrated on the intrinsic challenges of statically enforcing deadlock-freedom. To be consistent with these motivations and criteria, we have focused on the case of finite processestyped processes without forms of infinite behavior, such as replication and recursion. Next we discuss the issues involved in considering infinite behaviors in our approach. Infinite behavior in Curry-Howard correspondences for session types arises primarily from interpreting sharing exponentials ! and ? at the level of propositions/types as input-guarded replication !x(z).Q at the level of proofs/processes. In the classical setting considered here, a channel typed with !A denotes a server that offers zero or many copies of a process with behavior of type A upon request (an input); dually, a channel typed with ?A denotes a request to such a server (an output). This setting requires an additional cut rule for exponential environments, and additional typing rules for realizing the sharing semantics of !A and ?A. The resulting logically justified reduction rule involves interaction between at most one session: Indeed, the process before the reduction features a cut along one session (i.e., x); after the reduction, the process contains two separate cuts along independent sessions x and y. One of these cuts is the linear cut rule considered here; the other is the cut rule required for exponentials. Notice that a process in K 1 does not become a process in K 2 after a reduction step. There are no fundamental obstacles to revising Definition 4.2 so as to define a "full L", extended with sharing exponentials ! and ?, without altering the spirit of the characterization given by the degree of sharing. That is, the notion of degree of sharing is robust: it does not depend on the absence of infinite behaviors as represented by !A and ?A. Now, adding forms of infinite behavior to interacting processes entails including properties related to termination into the analysis of (dead)lock-freedom. Crucially, the full Curry-Howard interpretation for session types, including exponentials and input-guarded replication, is known to be strongly normalizing and confluent [PCPT12,PCPT14,CP17]. Therefore, infinite behavior in full L concerns unboundedly many copies of finite, deterministic interactive behaviors. The fact that a single type system simultaneously enforces deadlock-freedom, termination, and confluence sharply contrasts to the situation for nonlogical type systems: to our knowledge, none of them simultaneously ensures these three properties-a notable exception being the hybrid type system in [KS10] (see below). Clearly, it would be unfair to compare processes that enjoy different properties, i.e,, processes in L against well-typed processes in type systems that enforce some, but not all, of deadlockfreedom, termination, and confluence. By focusing on finite behaviors, in this paper we have found a fair common ground to objectively compare different type systems.
The integration of non-logical type systems for (dead)lock-freedom, termination, and confluence is far from trivial, and requires sophisticated mechanisms. Kobayashi and Sangiorgi [KS10] targeted such an integration by defining a parametric hybrid type system based on usages, capable of enforcing the three properties through different methods (not necessarily type systems). In their type system, the syntax of usage types includes replicated usages * U , i.e., unboundedly many parallel copies of usage U . (The authors remark that recursive usages µα.U are also sound.) In order to fairly compare [KS10] and the infinite behavior present in full L, we would need to find appropriate syntactic/semantic conditions under which the type system in [KS10] is restricted/limited so as to simultaneously enforce (dead)lock-freedom, termination, and confluence properties for input-replicated processes. (This would enable us to extend Theorem 4.2 to the case of replicated processes.) Given the complexity of the system in [KS10], identifying such syntactic and semantic conditions seems challenging. Notice that, even with a succinct characterization of such conditions, defining such a restricted variant of [KS10] would most likely mean developing a different, ad-hoc type system, therefore departing from the compact behavioral abstractions given by usage types. Hence, comparing such a potentially ad-hoc type system against the canonical language full L would also be unfair.
We notice that Curry-Howard interpretations of session types have been extended with forms of (co)-recursive types, which substantially extend (full) L while dropping the termination guarantee-see the works by Toninho et al. [TCP14] and by Lindley and Morris [LM16]. Indeed, the framework in [LM16] can be roughly seen as the extension of the logic-based type system in § 3.1 with co-recursion. Although these extensions bring closer logically motivated and non-logical type systems (which often do not ensure termination), the forms of co-recursive infinite behavior enabled by [TCP14,LM16] preserve the intrinsic confluent, deterministic behavior inherited from logical foundations. This prevents fair comparisons with type systems for deadlock-freedom of unbounded/cyclic communication structures which do not guarantee confluence/determinism, such as those by Giachino et al. [GKL14,KL17]. In contrast, the type system for deadlock-freedom by Padovani [Pad14] ensures a form of partial confluence, inherited from [KPT99]. Hence, it would seem that there is common ground for comparing the linear type system in [Pad14] and the logically motivated session type system in [LM16]. The actual feasibility of relating these different type systems remains unclear, and should be established in future work.

Related Work
The analysis of deadlock-freedom in concurrency has a rather long, rich history; see, e.g., [AGN97] and references therein. Focusing on type-based approaches to deadlock-freedom of communicating processes, early works are by Kobayashi [Kob97] and by Abramsky et al. [AGN97]. The work in [AGN97] develops a semantic approach to deadlock-freedom for asynchronous communicating processes, building upon categorical foundations. The work in [Kob97] proposes a type system for the π-calculus that builds upon two key ideas: (i) the introduction of usage of channels as types (usage types), and (ii) the classification of channels into reliable and unreliable (where reliable channels are ensured to have deadlockfree interactions). These ideas have proved rather influential; based on them, a number of extensions and enhancements to type systems for deadlock-free, name passing processes have been introduced; the paper [Kob07] offers a unified summary of these developments. The recent paper [KL17], mentioned above, is the latest to build upon notions of usage types and reliable channels for the type-based analysis of unbounded process networks.
The introduction of type systems based on usage types coincided in time with the introduction of (binary) session types as a type-based approach to ensure structured communications [HVK98]. In their original formulation, session types for the π-calculus ensure communication safety and session fidelity, therefore ruling out some (but not all) of the causes of deadlocked behaviors in communicating processes. In session-based concurrency, deadlocks are due to circular dependencies inside a session, but are also found in subtle entanglements between different protocols/sessions. To our knowledge, the first work that addressed progress/deadlock-freedom for session-typed processes is due to Dezani-Ciancaglini et al. [DdY08]. Subsequent works on type-based analyses for deadlock-freedom in structured communications include [BCD + 08, CV09, CD10, CP10, Pad13, VV13, Pad14]. As discussed in detail in the paper, another approach to deadlock freedom is that based on linear logic under a Curry-Howard perspective [CP10,Wad12], where circular dependencies in processes are eliminated by design due to Rule (T-cut). While this journal paper was being prepared, Dardha and Gay [DG18] developed a linear logic-based session type system by combining classical linear logic with Kobayashi's obligations/capabilities, simplified to priorities, to allow "good" cyclic processes. To this aim, the Rule (T-cut) is replaced by Rule (T-cycle). It is important to notice however that none of the above works propose a formal comparison between different type systems for deadlock-freedom, as we achieve in this paper.
Building upon a relationship first suggested by Kobayashi in [Kob07], the work of Dardha et al. [DGS12,Dar14,DGS17] offered a formal relationship between usage types and session types. Such a relationship made it possible to use type-based analysis techniques for usage types in the analysis of session-typed process specifications; this insight was formalized by Carbone et at. [CDM14]. The effectiveness of the approach in [CDM14] is supported by informal comparisons with respect to different type systems for deadlock-freedom (including those in [DdY08] and [CD10]) using processes typable in one framework but not in another.
Previous work on deadlock-resolution in the π-calculus by Giunti and Ravara [GR13] and on unlocking blocked processes by Francalanza et al. [FGR15] is loosely related to our work, and in particular to the rewriting procedures in § 5 and § 6. The approach in [GR13] relies on a typing algorithm that detects a particular class of deadlocks (so-called self-holding deadlocks), but instead of rejecting the code, fixes it by looking into the session types and producing new safe code that obeys the protocols and is deadlock-free. Building upon [GR13], the work in [FGR15] investigates methods for resolving circular-wait deadlocks across parallel compositions, with a focus on finite CCS processes.

Concluding Remarks
We have presented a formal comparison of fundamentally distinct type systems for deadlockfree, session typed processes. To the best of our knowledge, ours is the first work to establish precise relationships of this kind. Indeed, prior comparisons between type systems for deadlock freedom are informal, given in terms of representative examples typable in one type system but not in some other.
An immediate difficulty in giving a unified account of different typed frameworks for deadlock freedom is the variety of process languages, type structures, and typing rules that define each framework. Indeed, our comparisons involve: the framework of session processes put forward by Vasconcelos [Vas12]; the interpretation of linear logic propositions as session types by Caires [Cai14]; the π-calculus with usage types defined by Kobayashi in [Kob02]. Finding some common ground for comparing these three frameworks is not trivial-several translations/transformations were required in our developments to account for numerous syntactic differences. We made an effort to follow the exact definitions in each framework. Overall, we believe that we managed to concentrate on essential semantic features of two salient classes of deadlock-free session processes, here noted L and K.
Our main contribution is identifying the degree of sharing as a subtle, important issue that underlies both session typing and deadlock freedom. We propose a simple characterization of the degree of sharing: in essence, it arises via an explicit premise for the typing rule for parallel composition in the type system in [Kob02]. The degree of sharing is shown to effectively induce a strict hierarchy of deadlock-free session processes in K, as resulting from the approach of [DGS12]. We showed that the most elementary (and non trivial) member of this hierarchy precisely corresponds to L, the canonical class of session typed processes, known to date. Furthermore, by exhibiting an intuitive rewriting procedure of processes in K into processes in L, we demonstrated that the degree of sharing is a subtle criterion for distinguishing deadlock-free processes. As such, even if our technical developments are technically simple, in our view they substantially clarify our understanding of type systems for liveness properties (such as deadlock freedom) in the context of π-calculus processes.
In future work, we would like to obtain semantic characterizations of the degree of sharing, in the form of, e.g., preorders on typed processes that distinguish when one process "is more parallel" than another. Also, we plan to explore whether the rewriting procedures given in § 5 and § 6 could be adapted into a deadlock resolution procedure, in the spirit of [GR13,FGR15]. Lemma A.2. If P ∈ L then, P ∈ K 1 .
Proof. By structural induction on P . By Definition 4.2, we have that where { {·} } is given in Definition 4.1 and concerns only output processes and processes with restriction. Following the process syntax in Fig. 2, there are seven cases to consider: (1) P = 0: Then, by assumption we have: x : end ST 0 and 0 CH x:•, for some name x.
We must show that x : end f 1 KB 0 f . By Definition 3.7 and Fig. 7, this is the same as showing that f x : end su 1 KB 0. The thesis then follows immediately by Rule (Tπ-Nil) (Fig. 6), noticing that n = 1 and end su = ∅[].
(2) P = x(y).P : Then, by assumption and Definition 3.7, 4.1, and 4.2, we have (4) P = x {l i : P i } i∈I . Then, by assumption and Definition 3.7, 4.1, and 4.2, we have: for some context Γ and session types T i for i ∈ I. By inversion on the typing judgement given in (A.9) we have: By Definition 3.7 and 4.2, and by Fig. 7, we must show: . case y of {l i c P i f,{x →c} } i∈I By induction hypothesis on the premise of (A.10) we have: We can then rewrite the above judgement as follows: By applying Rule (Tπ-Var) to obtain y : l i : T i su i∈I , and in order (Tπ-Case) and (Tπ-Inp) (cf. Fig. 6) we conclude: . case y of {l i c P i f,{x →c} } i∈I (5) P = x l j .P j . Then, by assumption and Definitions 3.7, 4.1, and 4.2, we have: for some context Γ and session types T i , for i ∈ I. By inversion on typing judgement on (A.26) we have: By Definition 4.2 and Fig. 7, we must show: . P j f,{x →c} By induction hypothesis on the premise of (A.13) we have: We can then rewrite the above judgement as follows: KB (νc)f x l j c . P j f,{x →c} which concludes this case. (6) P = (νxy)(P 1 | P 2 ): Then, by assumption and Definition 3.7, 4.1 and 4.2, we have: for some typing contexts Γ 1 , Γ 2 . By inversion on the typing judgements given in (A.16) we have the following derivation, for some session type T : Notice that since P ∈ L, then channel endpoints x and y (or the single name w in L) form the only shared channel between processes P 1 and P 2 . This implies that Γ 1 and Γ 2 are disjoint. Hence, Γ 1 , Γ 2 is well defined. By Definition 4.2 and Fig. 7, we must show: By applying induction hypothesis on the premises of (A.17), we have: We can now rewrite the above judgements in terms of f as follows: By applying Rule (Tπ-Par 1 ) (cf. Fig. 6) on (A.18) we have the following derivation: Since the only channel that P 1 and P 2 share is w, then n = 1 and it is sufficient to write the composition of typing contexts Γ 1 f and Γ 2 f with ',' instead of parallel composition. Still, we write | in the composition of the types for channel w, namely T su | T su , as it gives a clearer presentation for the next step of applying Proposition 4.4.
By applying Rule (Tπ-Res) and by using Proposition 4.4 we have the following derivation, which concludes the case: →w} ) (7) P = P 1 | P 2 : This case is similar to the previous one. By assumption we have and inversion on typing on (A.19) we infer: By Definition 4.2 and Fig. 7, we must show: KB P 1 f | P 2 f By applying induction hypothesis on the premises of (A.20), we have: The thesis proceeds by applying Rule (Tπ-Par 1 ) (cf. Fig. 6).
Notice that since P 1 and P 2 do not share any channel, also their encodings do not share any channel. Hence, the minimum n used for the derivation can be 0, which is then subsumed by n = 1, as the condition in the Rule (Tπ-Par 1 ) (cf. Fig. 6) requires |dom(Γ 1 ) ∩ dom(Γ 2 )| ≤ n. Lemma A.3. If P ∈ K 1 then P ∈ L.
Proof. By structural induction on P . Recall that by Definition 4.2, we have that Following the syntax of processes in Fig. 2, there are seven cases to consider: (1) P = 0: Then, by assumption, Fig. 7 and Definition 4.2, we have both x:end ST 0 and x:end f 1 KB 0 f , for some x and any renaming function f . The thesis follows by using Axiom (T-1) in Fig. 5, and the encodings in Fig. 7 and Fig. 8, which ensure 0 CH x:•.
(4) P = x l j .P : Then, by assumption, Fig. 7 and Definition 4.2, we have KB (νc)f x l j c . P f,{x →c} for some typing context Γ, session types S i for i ∈ I and renaming function f . By inversion on typing judgement on (A.26) we have: By induction hypothesis on the premise of (A.27) we have: and then we can conclude by using Rule (T-⊕) in Fig. 5: (5) P = x {l i : P i } i∈I : Similar to the previous case. (6) P = (νxy)P : Then, by assumption, Fig. 7 and Definition 4.2, we have: for some contexts Γ. By (A.29) we can observe the following: • Let w : U [ T ], then rel(U ).
• Since rel(U ), then it must be the case that U = U 1 | U 2 , which in turn implies that P f,{x,y →w} = P 1 f,{x →w} | P 2 f,{y →w} . • Since n = 1 in 1 KB , then P 1 f,{x →w} and P 2 f,{y →w} share at most one channel. But we know more at this stage, that they share exactly 1 channel, which is w. By inversion on the encoding and renaming function f , and on the typing judgement on (A.28) we have: Γ 1 , x : S ST P 1 Γ 2 , y : S ST P 2 Γ 1 , x : S, Γ 2 , y : for some session type S and Γ = Γ 1 , Γ 2 . By applying the induction hypothesis on the premises of (A.30), we have both By Lemma A.1 we obtain: We then conclude by using Lemma 3.8 and Rule (Tcut) (cf. Fig. 5): 7) P = P 1 | P 2 : similar to the previous case, noticing that since there is no restriction to bind two endpoints together, this case boils down to having n = 0. Then, we use Rule (T-mix) (rather than Rule (Tcut)) to type the composition of P 1 and P 2 (cf. Fig. 5).
A.2. Proof of Lemma 5.4. We repeat the statement in Page 18: Lemma 5.4. Let T be a session type and Γ be a session environment.
(1) For all P ∈ { |T | } x , we have P CH x : T c .
Proof. We consider both parts separately.
Part 1. The proof proceeds by induction on the structure of T . Thus, there are five cases to consider: (1) Case T = end. Then, by Definition 5.2, we have { |end| } x = 0 . We conclude by the fact that end c = • (cf. Fig. 8) and by Rule (T-1) (cf. Fig. 5).
(2) Case T = ?T.S. Then, by Definition 5.2, P is of the form x(y).(P 1 | P 2 ), with P 1 ∈ { |T | } y and P 2 ∈ { |S| } x . By applying the induction hypothesis twice, on T and S, we obtain: Now, by applying Rules (T-mix) and (T-) (cf. Fig. 5) we have By encoding of types in Fig. 8, we have ?T.S c = T c S c , which concludes this case.
(3) Case T = !T.S. Then, by Definition 5.2, P is of the form x(y).(P 1 | P 2 ), with P 1 ∈ { |T | } y and P 2 ∈ { |S| } x . By applying the induction hypothesis twice, on T and S, we obtain P 1 CH y : T c P 2 CH x : S c Now, by applying Rule (T-⊗) (cf. Fig. 5) we have By encoding of types in Fig. 8, we have !T.S c = T c ⊗ S c which concludes this case. (4) Case T = &{l i : S i } i∈I . Then, by Definition 5.2, P is of the form x {l i : P i } i∈I , with P i ∈ { |S i | } x , for all i ∈ I. By induction hypothesis on those S i , we obtain P i CH x : S i c , for all i ∈ I. Then, by Rule (T&) (cf. Fig. 5) we have: By encoding of types in Fig. 8, &{l i : S i } i∈I c = &{l i : S i c } i∈I , which concludes this case.
(5) Case T = ⊕{l i : S i } i∈I . Then, by Definition 5.2, P is of the form x l j .P j , with P j ∈ { |S j | } x and j ∈ I. By induction hypothesis on S j , we obtain P j CH x : S j c . Then, by Rule (T⊕) (cf. Fig. 5) we have By encoding of types in Fig. 8, we have ⊕{l i : S i } i∈I c = ⊕{l i : S i c } i∈I , which concludes this case.
Part 2. Given Γ = w 1 : T 1 , . . . , w n : T n , the proof is by induction on n, the size of Γ. The base case is when n = 1: then, by Part 1, { |Γ| } = { |T 1 | } w 1 , and the thesis follows immediately. The inductive step (n > 1) proceeds by using the inductive hypothesis and Rule (T-mix). Let Γ = Γ , w n : T n . Then, by inductive hypothesis, P i ∈ { |Γ | } implies P i CH Γ c . Recall that Γ c = w 1 : T 1 c , . . . , w n−1 : T n−1 c by Definition 3.7. Also, by Part 1, P ∈ { |T n | } wn implies P CH w n : T n c . Since by Definition 5.3, P i | P ∈ { |Γ| }, the thesis follows by composing P i and P using Rule (T-mix): P i CH w 1 : T 1 c , · · · , w n−1 : T n−1 c P CH w n : T n c P i | P CH w 1 : T 1 c , · · · , w n : T n c This concludes the proof.
A.3. Proof of Theorem 5.1. We repeat the statement in Page 21: Theorem 5.1. (Rewriting · is Type Preserving) Let Γ ST P . Then, for all Q ∈ Γ ST P , we have that Q CH Γ c .
Proof. The proof proceeds by cases on the judgement Γ ST P used in the rewriting procedure given in Definition 5.9, and by inversion on the last typing rule applied (given in Fig. 3). There are seven cases to consider: (1) x : end ST 0. Then, by inversion the last rule applied is (T-Nil). By Definition 5.9 we have x : end ST 0 = {0}. By applying Rule (T-1) (cf. Fig. 5) we have: The thesis follows immediately by the encoding of types · c in Fig. 8 and Definition 3.7, which ensure that x : end c = x : end c = x : •. By induction hypothesis, for all Q ∈ Γ , x : S ST P we have that Q CH Γ c , x : S c . Let Q be a process in this set. By applying Rule (T-⊗) on Q and on (A.31) we have By encoding of types · c in Fig. 8 we have !T.S c = T c ⊗ S c , and by Definition 3.7, we have Γ , x : !T.S, v : T c = Γ c , x : T c ⊗ S c , v : T c , which concludes this case. (3) Γ 1 , Γ 2 , x : !T.S ST (νzy)x y .(P 1 | P 2 ), where Γ = Γ 1 , Γ 2 , x : !T.S. By inversion, this judgement is derived by a sequence of applications of rules, the last rule applied is (T-Res), and before that (T-Out) and (T-Par) as follows: By Definition 5.9, we have By induction hypothesis, for all processes Q 1 ∈ Γ 1 , z : T ST P 1 we have Q 1 CH Γ 1 c , z : T c and Q 2 ∈ Γ 2 , x : S ST P 2 we have Q 2 CH Γ 2 c , x : S c Let Q 1 and Q 2 be processes in the first and second set, respectively. By applying Rule (T-⊗) on Q 1 and Q 2 we have: By the encoding of types · c in Fig.8 we have !T.S c = T c ⊗ S c , and by Definition 3.7, we have Γ 1 , Γ 2 , x : !T.S c = Γ 1 c , Γ 2 c , x : T c ⊗ S c , which concludes this case. where by the encoding of types · c in Fig. 8 we have ?T.S c = T c S c , and by Definition 3.7, we have Γ , x : ?T.S c = Γ c , x : T c S c , which concludes this case.
(5) Γ , x : ⊕{l i : S i } i∈I ST x l j .P , where Γ = Γ , x : ⊕{l i : S i } i∈I . By inversion, the last typing rule applied is (T-Sel): By Definition 5.9 we have Let Q be a process in this set. By applying Rule (T-⊕) on Q we have: By the encoding of types · c in Fig. 8, and Definition 3.7, we have Γ , x : ⊕{l i : S i } i∈I c = Γ c , x : ⊕{l i : S i c } i∈I which concludes this case. (6) Γ , x : &{l i : S i } i∈I ST x {l i : P i } i∈I , where Γ = Γ , x : &{l i : S i } i∈I . By inversion, the last typing rule applied is (T-Bra): By Definition 5.9 we have that Γ , x : &{l i : Let Q i be a process in the corresponding set, for all i ∈ I. By applying Rule (T-&) on each of Q i we have: By the encoding of types · c in Fig. 8 we have &{l i : S i } i∈I c = &{l i : S i c } i∈I , and by Definition 3.7, we have Γ , x : &{l i : S i } i∈I c = Γ c , x : &{l i : S i c } i∈I , which concludes this case.
, where by inversion we have Γ 1 , x : S ST P 1 and Γ 2 , y : T ST P 2 , and the last typing rule applied is (T-Res), and before that Rule (T-Par) is used, as follows: Notice that since restriction is the only means of creating dual session channel endpoints (co-variables) and the only restricted names in P are xy, it then follows that Γ 1 ∩ Γ 2 = ∅. Hence, by the definition of the ',' operator we have that Γ 1 , Γ 2 = Γ 1 , Γ 2 .
By Definition 5.9, we have that Γ 1 , [ x : S], Γ 2 , [ y : T ] ST (ν xy : S)(P 1 | P 2 ) is the following set of processes: We start by inspecting the set of processes in (A.32). By induction hypothesis on the left-hand side premise of Rule (T-Par), marked (1), we have: for all processes Q ∈ Γ 1 , x : S ST P 1 we have that Q CH Γ 1 c , x : S c Let Q be an arbitrary process in this set. By Lemma 5.6 we have that C 1 [Q ] CH Γ 1 c . By Lemma 5.4(b) since G 2 ∈ { |Γ 2 | }, we have that G 2 CH Γ 2 c . Since Γ 1 and Γ 2 are disjoint, by Rule (T-mix) we have the following derivation, which concludes the inspection of (A.32): We inspect now the the set of processes in (A.33). By induction hypothesis on the right-hand side premise of Rule (T-Par), marked (2), we have: for all processes R ∈ Γ 2 , y : T ST R we have that R CH Γ 2 c , y : T c Let R be an arbitrary process in this set. By Lemma 5.6, C 2 [R ] CH Γ 2 c . By Lemma 5.4(b) since G 1 ∈ { |Γ 1 | }, we have G 1 CH Γ 1 c . Since Γ 1 and Γ 2 are disjoint, by Rule (T-mix) we have the following derivation: We thus conclude that every process belonging to the set in (A.32) or (A.33) is typed under the typing context Γ 1 c , Γ 2 c , concluding this case (and the proof).
Proposition A.7 (Composing Characteristic Processes). Let Γ and T be a typing context and a type, respectively.
We repeat the statement of the operational correspondence given in Page 22: Theorem 5.2. (Operational Correspondence for · ) Let P be such that Γ ST P for some typing context Γ. Then, we have: (1) If P → P , then for all Q ∈ Γ ST P there exists Q such that: (2) If Q ∈ Γ ST P , such that P ∈ K n , and Q → → Q , then there exists P such that: (i) P → P and (ii) either Q ∈ Γ ST P or Q R such that R ∈ Γ ST P .
Proof. We consider both parts separately.
Part 1. The proof is by induction on the height of the derivation P → P (cf. Fig. 2). There are two main cases to consider, which are reductions inferred using Rules (R-Com) and (R-Case); there are also cases corresponding to Rules (R-Par), (R-Res), and (R-Str), which are straightforward via the induction hypothesis. For convenience, below we annotate bound names with their types: this way, e.g., (νxy : S) means that x : S and y : S. (T-Res) By Definition 5.9, the rewriting of P is as follows: where:

34)
A 2 = G 1 | (νy) y(t).P * 2 | P y | P * 2 ∈ Γ 2 , y : S, t : T ST P 2 , P y ∈ { |!T.S| } y , G 1 ∈ { |Γ 1 , v : T | } (A.35) Before spelling out the rewriting of P , we record some considerations. By Theorem 5.1, the rewriting preserves types: Q ∈ Γ ST P implies Q CH Γ c . Since P → P , Theorem 2.2 ensures Γ ST P . Again, by Theorem 5.1, O ∈ Γ ST P implies O CH Γ c . Also, since Γ 2 , y : S, t : T ST P 2 , then by Lemma A.5 we have Γ 2 , y : S, v : and by well-typedness v / ∈ fn(P 2 ). By Definition 5.9, the rewriting of P is as follows: where: We now show that every process in Γ ST P reduces into a process in Γ ST P . We address two sub-cases: (i) We show that every process in A 1 (cf. Equation (A.34)) reduces to a process in B 1 (cf. Equation (A.36)); (ii) Similarly, we show that every process in A 2 (cf. Equation (A.35)) reduces to a process in B 2 (cf. Equation (A.37)).
[v ↔ w] | P * 1 | P x be an arbitrary process in A 1 , with P x ∈ { |?T.S| } x . By Definition 5.2: We may then let P x = x(t).(Q t | Q x ) where Q t ∈ { |T | } t and Q x ∈ { |S| } x . Considering this, and by applying Rules (R-ChCom) and (R-Fwd) (cf. Fig. 4) we have: (Recall that → is structural congruence extended with a reduction by Rule (R-Fwd).) We shall show that Q ∈ B 1 . Let us consider/recall the provenance of its different components: By Proposition A.7, Items (a) and (b) above entail: In turn, by considering Items (c), (d), and (e), together with Equation (A.36), it is immediate to see that Q ∈ B 1 . Therefore, Q ∈ Γ ST P , as desired.
Sub-case (ii). Let Q = G 1 | (νy) y(t).P * 2 | P y be an arbitrary process in A 2 . Since P y ∈ { |!T.S| } y , by Definition 5.2 we have P y = y(k).(Q k | Q y ), where Q k ∈ { |T | } k and Q y ∈ { |S| } y . Considering this, and by applying Rule (R-ChCom) (cf. Fig. 4), we have: We shall show that Q R, for some R ∈ B 2 . Let us consider/recall the provenance of its different components: Furthermore, we can infer: (e) From (a) and Proposition A.7, there must exist G * 1 and G v such that Given this, we can rewrite Q as follows: We now consider an arbitrary R ∈ B 2 . By Equation (A.37), we have that R G 1 | (νy) Q 2 | P y , with G 1 ∈ { |Γ 1 | }, Q 2 ∈ Γ 2 , y : S, v : T ST P 2 [ v /t] , and P y ∈ { |S| } y . We now compare R and Q (as in Equation (A.38)). By Lemma 5.4 and (e) and (f) above, it is easy to see that Q , R CH Γ 1 c , Γ 2 c , v : T c . Then, by Definition 5.11, we have that Q R. Therefore, there is an R such that Q R, with R ∈ Γ ST P , as desired. This concludes the analysis for Case (R-Com).
(2) Case (R-Case): Since Γ ST P , then by inversion S = ⊕{l i : S i } i∈I for some S i , with i ∈ I. For simplicity, let us write T i to denote the dual of any S i . As a result of the reduction, we have S = S j for some j ∈ I. Again by inversion we have the following derivation: By Definition 5.9 the rewriting of P is as follows: where: Before spelling out the rewriting of P , we record some considerations. By Theorem 5.1, M ∈ Γ ST P implies M CH Γ c . Since P → P , then by Theorem 2.2 we have Γ ST P . Again, by Theorem 5.1, O ∈ Γ ST P implies O CH Γ c . By Definition 5.9 the encoding of P is as follows: where: We now show that every process in Γ ST P reduces into a process in Γ ST P . We address two sub-cases: (i) We show that every process in A 1 (cf. Equation (A.39)) reduces to a process in B 1 (cf. Equation (A.41)); (ii) Similarly, we show that every process in A 2 (cf. Equation (A.40)) reduces to a process in B 2 (cf. Equation (A.42)).
Sub-case (i). Let Q = G 2 | (νx) x l j .Q * | P x be an arbitrary process in A 1 , with Q * ∈ Γ 1 , x : S j ST Q and P x ∈ { |&{l i : T i } i∈I | } x . By Definition 5.2, we may then let P x = x {l i : P i } i∈I , such that P i ∈ { |T i | } x , for all i ∈ I. By applying Rule (R-ChCase) (cf. Fig. 4), we have: We shall show that Q ∈ B 1 . Let us consider/recall the provenance of its different components: (c) P j ∈ { |T j | } x . By considering Items (a) -(c), together with Equation (A.41), it is immediate to see that Q ∈ B 1 . Therefore, Q ∈ Γ ST P , as desired.
Sub-case (ii). Let Q = G 1 | (νy) y {l i : R * i } i∈I | P y be an arbitrary process in A 2 , with R * i ∈ Γ 2 , y : T i ST R i and P y ∈ { | ⊕ {l i : S i } i∈I | } y . By Definition 5.2, P y is one of the processes in the union i∈I y l i .P i | P i ∈ { |S i | } y . We then choose P y = y l j .P j such that j ∈ I and P j ∈ { |S j | } y . By applying Rule (R-ChCase) (cf. Fig. 4), we have: We shall show that Q ∈ B 2 . Let us consider/recall the provenance of its different components: By considering Items (a) -(c), together with Equation (A.42), it is immediate to see that Q ∈ B 2 . Therefore, Q ∈ Γ ST P , as desired. This concludes the analysis for Case (R-Case) (and for Part 1).
Part 2. Let P ∈ K n and Q ∈ Γ ST P . Suppose that Q → → Q ; we now show that (i) there is a P such that P → P and (ii) Q ∈ Γ ST P or Q R, for some R ∈ Γ ST P . We first argue for (i), i.e., the existence of a reduction P → P . Notice that for the reduction(s) Q → → Q to occur, there must exist two complementary prefixes occurring at top level in Q. By Definition 5.9 and, crucially, by the assumption P ∈ K n , the same two prefixes occur at top-level also in P ; hence, P can mimic the reduction from Q, up to structural congruence: P → P . It then suffices to prove the theorem for M ≡ P , in which the two prefixes involved occur in contiguous positions and can reduce.
To address (ii), we now relate P and Q by considering two main cases for the reduction originating from Q (cf. Fig. 4): (1) it corresponds to an input-output communication via Rule (R-ChCom); and (2) it corresponds to a selection-branching interaction via Rule (R-ChCase). (The third case, corresponding to Rule (R-ChRes), is straightforward using the induction hypothesis.) We detail these two cases; the analysis largely mirrors the one given in Part 1: P .
[v ↔ w] | P * 1 | P x be an arbitrary process in A 1 , with P x ∈ { |?T.S| } x . By Definition 5.2 we have that We may then let P x = x(t).(Q t | Q x ) where Q t ∈ { |T | } t and Q x ∈ { |S| } x . By applying Rules (R-ChCom) and (R-Fwd) (cf. Fig. 4) we have: It is then easy to see that Q ∈ Γ ST P .
Since Γ ST P , by Theorem 2.1 also Γ ST M . By inversion let S = ⊕{l i : S i } i∈I for some session types S i (i ∈ I). By Definition 5.9, Γ ST M = A 1 ∪ A 2 , where: Also, by Definition 5.9, we have that Γ ST P = B 1 ∪ B 2 , where: B 1 = F G 2 | (νx)(Q * | P x ) | Q * ∈ Γ 1 , x : S j ST Q , P x ∈ { |T j | } x , G 2 ∈ { |Γ 2 | } B 2 = H G 1 | (νy)(R * j | P y ) | R * j ∈ Γ 2 , y : T j ST R j , P y ∈ { |S j | } y , G 1 ∈ { |Γ 1 | } As before, we now address two sub-cases: (i) We show that every process Q in A 1 reduces to a process Q in B 1 ; (ii) Similarly, we show that every process Q in A 2 reduces to a process Q in B 2 .
Sub-case (i). Let Q = F G 2 | (νx) x l j .Q * | P x be an arbitrary process in A 1 . By Definition 5.2, since P x ∈ { |&{l i : T i } i∈I | } x , then P x = x {l i : P i } i∈I with P i ∈ { |T i | } x , for all i ∈ I. By applying Rule (R-ChCase) (cf. Fig. 4), and letting j ∈ I we have: It is then easy to see that Q ∈ B 1 , and therefore Q ∈ Γ ST P , as desired.
Sub-case (ii). Let Q = H G 1 | (νy) y {l i : R * i } i∈I | y l j .P j be an arbitrary process in A 2 , with R * i ∈ Γ 2 , y : T i ST R i . By Definition 5.2, since P y ∈ { | ⊕ {l i : S i } i∈I | } y = i∈I y l i .P i | P i ∈ { |S i | } y , it means that P y is one of the processes in the union. We may then choose P y = y l j .P j such that j ∈ I and P j ∈ { |S j | } y . By applying Rule (R-ChCase) (cf. Fig. 4) we have: Since P j ∈ { |S j | } y and P y ∈ { |S j | } y , it is then easy to see that Q ∈ B 2 , and therefore Q ∈ Γ ST P , as desired. This concludes the analysis for this case (and for Part 2).
A.5. Proof of Lemma 6.11 (Page 27). We repeat the statement of this lemma: Lemma 6.11. Let T be an annotated session type and Γ, Ψ session typing contexts, respectively.
Proof. We consider both parts separately, assuming Ψ = ∅: the case Ψ = ∅ corresponds to Lemma 5.4. Part 1. The proof is by induction on the structure of T . Thus, there are five cases to consider. The most interesting cases are those for input and output session types with value dependencies; by Definition 6.8, the other cases (input/output without value dependencies, selection, branching) are as in the proof of Lemma 5.4 ( § A.2).
(2) ( (? n T.S) ) x Ψ = x(y).c xz (w).([y ↔ w] | Q) | Q ∈ ( (S) ) x Ψ , if [x n , z m ] ∈ Ψ . By induction hypothesis, Q CH x : S c , Θ, for some context Θ. Here we distinguish the following two sub-cases, depending on whether name c xz already occurs in Q. • Case n > 2 (inductive step). Let Γ = Γ , w n : T n . By inductive hypothesis, Q ∈ ( (Γ ) ) Ψ implies Q CH Γ c , where Ψ collects value dependences involving w 1 , . . . , w n−1 . By Definition 6.9, every Q ∈ ( (Γ ) ) Ψ is of the form Q = (ν c xz )(Q 1 | . . . | Q n−1 ); we must show that P ∈ ( (Γ) ) Ψ implies P CH Γ c . Notice that Q and P differ in the number of parallel processes (i.e., n − 1 vs n). More importantly, observe that considering the additional session w n entails adding 0 ≤ k ≤ n−1 new value dependences. Indeed, Ψ = Ψ iff there are no value dependences between any of w 1 , . . . , w n−1 and w n ; otherwise, Ψ ⊂ Ψ . We then reason by induction on k, the number of dependences in Ψ \ Ψ . k = 0, then considering w n does not induce extra value dependences and, because of Part 1, we have P n CH w n : T n c , ∆ n Thus, we may compose Q ∈ ( (Γ ) ) Ψ and P n using Rule (T-mix), and the thesis follows. The inductive step k > 0 is more interesting. It is instructive to examine the case k = 1, i.e, Ψ \ Ψ = {[w i j , w k n ]}, for some w j (j ∈ {1, . . . , n − 1}). Because of this value dependence between w n and w j , we must consider Q , a variant of Q in which sub-process Q j (the characteristic process for w j : T j ) is replaced with a characteristic process Q j which, by Definition 6.8, has a free name c w j wn : It is easy to see that Q ∈ ( (Γ ) ) Ψ and so Q CH Γ c , c w j wn : S j , for some S j . By Part 1, we have P n CH w n : T n c , c w j wn : S j , ∆ n and so Q and P n can be composed using Rule (T-cut) and the thesis follows.
A.6. Proof of Theorem 6.1 (Page 29). We start by presenting an auxiliary lemma.
Lemma A.8. Let S and Γ be respectively, an annotated session type and an annotated typing context, and let S + and Γ + be the corresponding type and context where the annotation is incremented according to Definition 6.3. Then, S c = S + c and Γ c = Γ + c . Proof. It follows immediately by the encoding given in Fig. 8 and Definition 6.3.
By induction hypothesis, for all processes Q 1 ∈ Γ 1 , z : T Ψ 1 , Ψ z ST P 1 V , we have Q 1 CH Γ 1 c , z : T c . Let Q 1 be an arbitrary process in this set. Also, for all processes Q 2 ∈ Γ 2 , x : S Ψ 2 , Ψ y ST P 2 V , we have Q 2 CH Γ 2 c , x : S c . Let Q 2 be an arbitrary process in this set. By applying Rule (T-⊗) on Q 1 and Q 2 we have the following derivation: By the encoding of types · c in Fig. 8, !T.S c = T c ⊗ S c , and by Definition 3.7, we have Γ 1 , Γ 2 , x : !T.S c = Γ c , x : Γ 1 c , Γ 2 c , x : T c ⊗ S c , and we conclude this case by applying Lemma A.8. where by the encoding of types · c in Fig. 8 we have that ?T.S c = T c S c and by Definition 3.7, we have Γ , x : ?T.S c = Γ c , x : T c S c , and we conclude this case by applying Lemma A.8. (5) The cases for branching and selection follow the same lines as the corresponding ones in Theorem 5.1, whose proof is given in § A.3, hence we omit them.
This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 171 Second St, Suite 300, San Francisco, CA 94105, USA, or Eisenacher Strasse 2, 10777 Berlin, Germany