1 Introduction

The Curry-Howard correspondence, or propositions-as-types paradigm, provides a canonical logical foundation for functional programming [42]. It identifies types with logical propositions, programs with proofs, and computation with proof normalisation. It was natural to ask for a similar account of concurrent programming, and this question was brought into focus by the discovery of linear logic [24] and Girard’s explicit suggestion that it should have some connection with concurrent computation. Several attempts were made to relate \(\pi \)-calculus processes to the proof nets of classical linear logic [1, 8], and to relate CCS-like processes to the \(*\)-autonomous categories that provide semantics for classical linear logic [2]. However, this work did not result in a convincing propositions-as-types framework for concurrency, and did not continue beyond the 1990s.

Fig. 1.
figure 1

Cyclic scheduler

Full size image

Meanwhile, Honda et al. [26, 27, 38] developed session types as a formalism for statically checking that messages have the correct types and sequence according to a communication protocol. Research on session types developed and matured over several years, eventually inspiring Caires and Pfenning [12] to discover a Curry-Howard correspondence between dual intuitionistic linear logic [7] and a form of \(\pi \)-calculus with session types [38]. Wadler [41] subsequently gave an alternative formulation based on classical linear logic, and related it to existing work on session types for functional languages [23]. The Caires-Pfenning approach has been widely accepted as a propositions-as-types theory of concurrent programming, as well as providing a logical foundation for session types.

Caires and Pfenning’s type system guarantees deadlock-freedom by forbidding cyclic process structures. It provides a logical foundation for deadlock-free session processes, complementing previous approaches to deadlock-freedom in session type systems [9, 15, 21, 22]. The logical approach to session types has been extended in many ways, including features such as dependent types [39], failures and non-determinism [11], sharing and races [6]. All this work relies on the acyclicity condition. However, rejecting cyclic process structures is unnecessarily strict: they are a necessary, but not sufficient, condition for the existence of deadlocked communication operations. As we will show in Example 1 (Fig. 1), there are deadlock-free processes that can naturally be implemented in a cyclic way, but are rejected by Caires and Pfenning’s type system.

Our contribution is to define a new logic, priority-based linear logic (PLL), and formulate it as a type system for priority-based CP (PCP), which is a more expressive class of processes than Wadler’s CP [41]. This is the first Curry-Howard correspondence that allows cyclic interconnected processes, while still ensuring deadlock-freedom. The key idea is that PLL includes conditions on inter-channel dependencies based on Kobayashi’s type systems [29, 30, 32]. Our work can be viewed in three ways: (i) as a new linear logic in which cyclic proof structures can be derived; (ii) as an extension of Caires-Pfenning type systems so that they accept more processes, while maintaining the strong logical foundation; (iii) as a logical foundation for Kobayashi-style type systems.

An example of a deadlock-free cyclic process is Milner’s well-known scheduler [35], described in the following Example 1.

Example 1

(Cyclic Scheduler, Fig. 1). A set of agents \(A_0,..., A_{n-1}\), for \(n>1\), is scheduled to perform a certain task in cyclic order, starting with agent \(A_0\). For all \(i\in \{1,..., n-1\}\), agent \(A_i\) sends the result of computation to a collector process \(P_i\), before transmitting further data to agent . At the end of the round, \(A_0\) sends the final result to \(P_0\). Here we define a finite version of Milner’s scheduler, which executes one round of communication.

figure a

Prefix \({c}_{0} [{\mathbf {n}}_{0}]\) denotes an output on \({c}_{0}\), and \({d}_{0} ({{x}_{0}})\) an input on \({d}_{0}\). For now, let \(\mathbf {m}\) and \(\mathbf {n}\) denote data. Process \(\mathsf {close}_{i}\) closes the channels used by \(A_i\): the details of this closure are irrelevant here (however, they are as in processes Q and R in Example 2). Process \(Q_i\) uses the message received from \(A_i\), in internal computation. The construct \(({\varvec{\nu }} ab)\) creates two channel endpoints a and b and binds them together. The system Sched is deadlock-free because \(A_1,...,A_{n-1}\) each wait for a message from the previous \(A_i\) before sending, and \(A_0\) sends the initial message.

Sched is not typable in the original type systems by Caires-Pfenning and Wadler. To do that, it would be necessary to break \(A_0\) into two parallel agents \(A_0' \ \triangleq \ {c}_{0} [{\mathbf {n}}_{0}].\mathsf {close}_{{c}_{0}}\) and \(A_0'' \ \triangleq \ {d}_{0} ({{x}_{0}}).{a}_{0}[{\mathbf {m}}_{0}].\mathsf {close}_{{d}_{0},{a}_{0}}\). This changes the design of the system, yielding a different one. Moreover, if the scheduler continues into a second round of communication, this redesign is not possible because of the potential dependency from the input on \({d}_{0}\) to the next output on \({c}_{0}\). However, Sched is typable in PCP; we will show the type assignment at the end of Sect. 2.

There is a natural question at this point: given that the cyclic scheduler is deadlock-free, is it possible to encode its semantics in CP , thus eliminating the need for PCP ? It is possible to define a centralised agent A that communicates with all the collectors \(P_i\), resulting in a system that is semantically equivalent to our Sched. However, such an encoding has a global character, and changes the structure of the overall system from distributed to centralised. In programming terms, it corresponds to changing the software design, as we pointed out in Example 1, and ultimately the software architecture, which is not always desirable or even feasible. The aim of PCP is to generalise CP so that deadlock-free processes can be constructed with their natural structure. We would want any encoding of PCP into CP to be structure-preserving, which would mean translating the \(\small \textsc {Cycle}\) rule (given in Fig. 2) homomorphically; this is clearly impossible.

Contributions and Structure of the Paper. In Sect. 2 we define priority-based linear logic (PLL), which extends classical linear logic (CLL) with priorities attached to propositions. These priorities are based on Kobayashi’s annotations for deadlock freedom [32]. By following the propositions-as-types paradigm, we define a term assignment for PLL proofs, resulting in priority-based classical processes (PCP), which extends Wadler’s CP [41] with \(\small \textsc {Mix}\) and \(\small \textsc {Cycle}\) rules (Fig. 2). In Sect. 3 we define an operational semantics for PCP. In Sect. 4 we prove \(\small \textsc {Cycle}\)-elimination (Theorem 1) for PLL, analogous to the standard \(\small \textsc {Cut}\)-elimination theorem for CLL. Consequently, the results for PCP are subject reduction (Theorem 2), top-level deadlock-freedom (Theorem 3), and full deadlock-freedom for closed processes (Theorem 4). In Sect. 5 we discuss related work and conclude the paper.

2 PCP: Classical Processes with Mix and Cycle

Priority-based CP (PCP) follows the style of Wadler’s Classical Processes (CP) [41], with details inspired by Carbone et al. [14] and Caires and Pérez [11].

Types. We start with types, which are based on CLL propositions. Let AB range over types, given in Definition 1. Let \(\mathsf {o}, \kappa \in \mathbb {N}\cup \{\omega \}\) range over priorities, which are used to annotate types. Let \(\omega \) be a special element such that \(\mathsf {o}<\omega \) for all \(\mathsf {o}\in \mathbb {N}\). Often, we will omit \(\omega \). We will explain priorities later in this section.

Definition 1

(Types). Types (AB) are given by:

figure b

\(\mathbf{\bot }^\mathsf {o}\) and \(\mathbf{1}^\mathsf {o}\) are associated with channel endpoints that are ready to be closed. \(A \, {\otimes }^{\mathsf {o}}\, B\) (respectively, ) is associated with a channel endpoint that first outputs (respectively, inputs) a channel of type A and then proceeds as B. \(\oplus ^{\mathsf {o}}\{{l}_i:{A}_i\}_{i\in I}\) is associated with a channel endpoint over which we can select a label from \(\{l_i\}_{i\in I}\), and proceed as \(A_i\). Dually, is associated with a channel endpoint that can offer a set of labelled types. types a collection of clients requesting A. Dually, types a server repeatedly accepting A.

Duality on types is total and is given in Definition 2. It preserves priorities of types.

Definition 2

(Duality). The duality function \((\cdot )^\bot \) on types is given by:

figure c

Processes. Let PQ range over processes, given in Definition 3. Let xy range over channel endpoints, and \(\mathbf {m}, \mathbf {n}\) over channel endpoints of type either \(\mathbf{\bot }^\mathsf {o}\) or \(\mathbf{1}^\mathsf {o}\).

Definition 3

(Processes). Processes (PQ) are given by:

figure d

Process \(x[y].P\) (respectively, \(x({y}).P\)) outputs (respectively, inputs) y on channel endpoint x, and proceeds as P. Process \(x\triangleleft {l_j}.P\) uses x to select \(l_j\) from a labelled choice process, typically being \(x\triangleright \{{l}_i:P_i\}_{i\in I}\), and triggers \(P_j\); labels indexed by the finite set I are pairwise distinct. Process \({x}\!\rightarrow \!{y}^{A}\) forwards communications from x to y, the latter having type A. Processes also include the inaction process \({\varvec{0}}\), the parallel composition of P and Q, denoted \(P \mathord {\;\varvec{|}\;}Q\), and the double restriction constructor \(({\varvec{\nu }} {x}^{A}{y})P\): the intention is that x and y denote dual session channel endpoints in P, and A is the type of x. Processes \({x}[\,].{\varvec{0}}\) and \({x}().P\) are the empty output and empty input, respectively. They denote the closure of a session from the viewpoint of each of the two communicating participants.

Notions of bound/free names in processes are standard; we write \(\mathtt{{f}n}(P)\) to denote the set of free names of P. Also, we write to denote the (capture-avoiding) substitution of x for the free occurrences of z in P. Finally, we let \(\tilde{x}\), which is different from x, denote a sequence \(x_1, \ldots ,x_n\) for \(n>0\).

Typing Rules. Typing contexts, ranged over by \(\varGamma , \varDelta , \varTheta \), are sets of typing assumptions \(x\! :\!A\). We write \(\varGamma , \varDelta \) for union, requiring the contexts to be disjoint. A typing judgement \(P \vdash \varGamma \) means “process P is well typed using context \(\varGamma \)”.

Before presenting the typing rules, we need some auxiliary definitions. Our priorities are based on the annotations used by Kobayashi [32], but simplified to single priorities à la Padovani [37]. They obey the following laws:

  1. (i)

    An action of priority \(\mathsf {o}\) must be prefixed only by actions of priorities strictly smaller than \(\mathsf {o}\).

  2. (ii)

    Communication requires equal priorities for the complementary actions.

Definition 4

(Priority). The priority function \(\mathsf {pr}_{}(\cdot )\) on types is given by:

figure e

Definition 5

(Lift). Let \(t \in \mathbb {N}\). The lift operator \(\mathop {\uparrow ^{t}}{}(\cdot )\) on types is given by:

figure f

We assume \(\omega + t = \omega \) for all \(t \in \mathbb {N}\).

The operator \(\mathop {\uparrow ^{t}}\) is extended component-wise to typing contexts: \(\mathop {\uparrow ^{t}}\varGamma \).

The typing rules are given in Fig. 2. states that the forwarding process \({x}\!\rightarrow \!{y}^{A}\) is well typed if x and y have dual types, respectively \({A}^{\perp }\) and A. types the parallel composition of two processes P and Q in the union of their disjoint typing contexts. is our key typing rule; it states that the restriction process is well typed, if the endpoints x and y have dual types, respectively A and \({A}^{\perp }\). By Definition 2, A and \({A}^{\perp }\) also have the same priorities, enforcing law (ii) above. In classical logic this rule would be unsound, but in PLL it allows deadlock-free cycles. Rule \(\emptyset \) states that inaction is well typed in the empty context. Rules \(\mathbf{1}\) and \(\bot \) type channel closure actions from the viewpoint of each participant. Rule (respectively \(\otimes \)) types an input process \(x({y}).P\) (respectively, output process \(x[y].P\)), with y bound and x of type (respectively, \(A \, {\otimes }^{\mathsf {o}}\, B\)). The priority \(\mathsf {o}\) is strictly smaller than any priorities in the continuation process P, enforcing law (i) above. This is captured by \(\mathsf {o}< \mathsf {pr}_{}(\varGamma )\) in the premises of both rules, abbreviating “for all \(z\in \mathtt{{d}om}(\varGamma ), \mathsf {o}<\mathsf {pr}_{}(\varGamma (z))\)”. Rules and \(\oplus \) type external and internal choice, respectively, and follow the previous two rules. Rule types a server and states that if P communicates along y following protocol A, then communicates along x following protocol . The three remaining rules type different numbers of clients. Rule is for a single client: if P communicates along y following A, then communicates along x following . Rule is for no client: if P does not communicate along any channel following A, then it may be regarded as communicating along x following , for some priority \(\mathsf {o}\). Rule is for multiple clients: if P communicates along y following , and z following protocol , then communicates along a single channel x following , where \(\mathsf {o}\leqslant \mathsf {\kappa }\) and \(\mathsf {o}\leqslant \mathsf {\kappa }'\). The last two conditions are necessary to deal with some cases in the proof of \(\small \textsc {Cycle}\)-elimination (Theorem  1).

Fig. 2.
figure 2

Typing rules for PCP.

Full size image

Lifting preserves typability, by an easy induction on typing derivations.

Lemma 1

If \(P\vdash \varGamma \) then \(P\vdash \mathop {\uparrow ^{t}}{\varGamma }\).

We will use this result in the form of an admissible rule:   

The Design of We have included \(\small \textsc {Mix}\) and \(\small \textsc {Cycle}\), which allow derivation of both the standard \(\small \textsc {Cut}\) and the \(\small \textsc {Multicut}\) by Abramsky et al. [2].

figure g

Conversely, \(\small \textsc {Mix}\) is the nullary case of \(\small \textsc {Multicut}\), and \(\small \textsc {Cycle}\) can be derived from \(\small \textsc {Ax}\) and \(\small \textsc {Multicut}\):

figure h

Having included \(\small \textsc {Mix}\), we choose \(\small \textsc {Cycle}\) instead of \(\small \textsc {Multicut}\), as \(\small \textsc {Cycle}\) is more primitive.

In the presence of \(\small \textsc {Mix}\) and \(\small \textsc {Cycle}\), there is an isomorphism between \(A\otimes B\) and in CLL. Both and , are derivable, where in CLL. Equivalently, both and are derivable. For simplicity, let \(\mathsf {pr}_{}(A) = \mathsf {pr}_{}(B) = \omega \); by duality also \(\mathsf {pr}_{}({A}^{\perp }) = \mathsf {pr}_{}({B}^{\perp }) = \omega \).

figure i

The above derivations without priorities show the isomorphism between \(A\otimes B\) and in CLL, which does not hold in our PLL, in particular as \(\mathsf {o}_1 \ne \mathsf {o}_2\). The distinction between \(\otimes \) and , preserves the distinction between output and input in the term assignment. However, to simplify derivations, both typing rules (Fig. 2) have the same form. The usual tensor rule, where there are two separate derivations in the premise rather than just one, is derivable by using \(\small \textsc {Mix}\).

Our type system performs priority-checking. Priorities can be inferred, as in Kobayashi’s type system [32] and the tool TyPiCal [28]. We have opted for priority checking over priority inference, as the presentation is more elegant.

The following two examples illustrate the use of priorities. We first establish the structure of the typing derivation, then calculate the priorities. We conclude the section by showing the typing for the cyclic scheduler from Sect. 1.

Example 2

(Cyclic process: deadlock-free). Consider the following process

$$\begin{aligned} P\ \triangleq \ ({\varvec{\nu }} x_1y_1)({\varvec{\nu }} x_2y_2) \big [ x_1({v}).x_2({w}).R \mathord {\;\varvec{|}\;}y_1[\mathbf {n}].y_2[\mathbf {n}'].Q \big ] \end{aligned}$$

where \(R\ \triangleq \ {x_1}().{{v}().{{x_2}().{{w}().{\varvec{0}}}}}\) and \(Q\ \triangleq \ {y_1}[\,].{\varvec{0}} \mathord {\;\varvec{|}\;}{\mathbf {n}}[\,].{\varvec{0}}\mathord {\;\varvec{|}\;}{y_2}[\,].{\varvec{0}} \mathord {\;\varvec{|}\;}{\mathbf {n}'}[\,].{\varvec{0}}\). First, we show the typing derivation for the left-hand side of the parallel, \(x_1({v}).x_2({w}).R\):

figure j

Now, the typing derivation for the right-hand side of the parallel, \(y_1[\mathbf {n}].y_2[\mathbf {n}'].Q\), and recall that \(\mathsf {\kappa }_4< \mathsf {\kappa }_3<\mathsf {\kappa }_2 < \mathsf {\kappa }_1\):

figure k

Finally, the typing derivation for process P is as follows:

figure l

The system of equations

figure m

can be solved by the assignment \(\mathsf {o}_1 = \mathsf {o}_3 = 1\) and \(\mathsf {o}_2 = \mathsf {o}_4 = 0\).

Example 3

(Cyclic process: deadlocked!). Now consider the process

$$\begin{aligned} P' = ({\varvec{\nu }} x_1y_1)({\varvec{\nu }} x_2y_2) \big [ x_1({v}).x_2({w}).R \mathord {\;\varvec{|}\;}y_2[\mathbf {n}'].y_1[\mathbf {n}].Q \big ] \end{aligned}$$

where \(R = {x_1}().{{v}().{{x_2}().{{w}().{\varvec{0}}}}}\) and \(Q = {y_1}[\,].{\varvec{0}} \mathord {\;\varvec{|}\;}{\mathbf {n}}[\,].{\varvec{0}}\mathord {\;\varvec{|}\;}{y_2}[\,].{\varvec{0}} \mathord {\;\varvec{|}\;}{\mathbf {n}'}[\,].{\varvec{0}}\). Notice that the order of actions on channels \(y_1\) and \(y_2\) is now swapped, thus causing a deadlock! If we tried to construct a typing derivation for process \(P'\), we would have for the right-hand side of the parallel the following:

figure n

Then, the system of equations

figure o

has no solution because it requires \(\mathsf {o}_2 <\mathsf {o}_3\) and \(\mathsf {o}_3 <\mathsf {o}_2\), which is impossible.

Example 1 continued (Cyclic Scheduler)

figure p

By applying the typing rules in Fig. 2 we can derive \(Sched \vdash \emptyset \), since it is a closed process, and assign the following types and priorities:

figure q

The priorities of types \(\mathbf{\bot }\) and \(\mathbf{1}\) could be easily assigned as Example 2. As the priority of \(d_{i+1}\) is \(2(i+1)-2 = 2i\), we can connect it to \(a_i\) with a \(\small \textsc {Cycle}\).

3 Operational Semantics of PCP

In this section we define structural equivalence, the principal \(\beta \)-reduction rules and commuting conversions. The detailed derivations can be found in [18].

We define structural equivalence to be the smallest congruence relation satisfying the following axioms. \(\small \textsc {SC-Ax-Swp}\) allows swapping channels in the forwarding process. \(\small \textsc {SC-Ax-Cycle}\) states that cycle applied to a forwarding process is equivalent to inaction. This allows elimination of unnecessary cycles. Axioms \(\small \textsc {SC-Mix-Nil}\), \(\small \textsc {SC-Mix-Comm}\) and \(\small \textsc {SC-Mix-Asc}\) state that parallel composition uses the inaction as the neutral element and is commutative and associative. \(\small \textsc {SC-Cycle-Ext}\) is the standard scope extrusion rule. \(\small \textsc {SC-Cycle-Swp}\) allows swapping channels and \(\small \textsc {SC-Cycle-Comm}\) states the commutativity of restrictionFootnote 1.

figure r
Fig. 3.
figure 3

\(\beta \)-reduction for \(\otimes \) and .

Full size image

The core of the operational semantics consists of \(\beta \)-reductions. In \(\pi \)-calculus terms these are communication steps; in logical terms they are \(\small \textsc {Cycle}\)-elimination steps. is given in Fig. 3 to illustrate priorities. It simplifies a cycle connecting x of type \(A\, {\otimes }^{\mathsf {o}}\, B\) and y of type , which corresponds to communication between an output on x and an input on y, respectively. Both actions have priority \(\mathsf {o}\), which is strictly smaller than any priorities in their typing contexts, respecting the fact that they are top-level prefixes. The remaining \(\beta \)-reductions are summarised below. \(\beta _{\small \textsc {AxCycle}}\) simplifies a \(\small \textsc {Cycle}\) involving an axiom. \(\beta _{\mathbf{1}\bot }\) closes and eliminates channels. , similarly to , simplifies a communication between a selection and a branching. simplifies a cycle between one server of type and one client of type . The last two rules differ in the number of clients involved: rule considers no clients, whether considers multiple clients.

figure s

Commuting conversions, following [12, 41], allow communication prefixes to be moved to the conclusion of a typing derivation, corresponding to pulling them out of the scope of \(\small \textsc {Cycle}\) rules. In order to account for the sequence of \(\small \textsc {Cycle}\)s, here we use \(\tilde{\cdot }\). Due to this movement, if a prefix on a channel endpoint x with priority \(\mathsf {o}\) is pulled out at top level, then to preserve priority conditions in the typing rules in Fig. 2, it is necessary to increase priorities of all actions after the prefix on x. This increase is achieved by using \(\mathop {\uparrow ^{\mathsf {o}+1}}(\cdot )\) in the typing contexts.

figure t

Finally, we give the following additional reduction rules: closure under structural equivalence, and two congruence rules, for restriction and for parallel.

figure u

4 Results for PLL and PCP

4.1 \(\small \textsc {Cycle}\)-Elimination for PLL

We start with results for \(\small \textsc {Cycle}\)-elimination for PLL; thus here we refer to AB as propositions, rather than types. The detailed proofs can be found in [18].

Definition 6

The degree function \(\partial ({\cdot })\) on propositions is defined by:

  • \(\partial ({\mathbf{1}^\mathsf {o}}) = \partial ({\mathbf{\bot }^\mathsf {o}}) = 1\)

  • \( \partial ({{ \& ^{\mathsf {o}}\{{l}_i:{A}_i\}_{i\in I}}}) = \partial ({\oplus ^{\mathsf {o}}\{{l}_i:{A}_i\}_{i\in I}}) = \sum _{i\in I}\{\partial ({A_i}) \} +1\)

  • .

Definition 7

A \(\small \textsc {Maxicut}\) is a maximal sequence of \(\small \textsc {Mix}\) and \(\small \textsc {Cycle}\) rules, ending with a \(\small \textsc {Cycle}\) rule.

Maximality means that the rules applied immediately before a \(\small \textsc {Maxicut}\) are any rules in Fig. 2, other than \(\small \textsc {Mix}\) or \(\small \textsc {Cycle}\). The order in which \(\small \textsc {Mix}\) and \(\small \textsc {Cycle}\) rules are applied within a \(\small \textsc {Maxicut}\) is irrelevant. However, Proposition 1, which follows directly from structural equivalence (Sect. 3), allows us to simplify a \(\small \textsc {Maxicut}\).

Proposition 1

(Canonical ). Given an arbitrary \(\small \textsc {Maxicut}\), it is always possible to obtain from it a canonical \(\small \textsc {Maxicut}\) consisting of a sequence of only \(\small \textsc {Mix}\) rules followed by a sequence of only \(\small \textsc {Cycle}\) rules.

Definition 8

A single-\(\small \textsc {Mix}\) \(\small \textsc {Maxicut}\) contains only one \(\small \textsc {Mix}\) rule.

\(A_1,\ldots ,A_n, A\) are \(\small \textsc {Maxicut}\) propositions if they are eliminated by a \(\small \textsc {Maxicut}\).

The degree of a sequence of \(\small \textsc {Cycle}\)s is the sum of the degrees of the eliminated propositions.

The degree of a \(\small \textsc {Maxicut}\) is the sum of the degrees of the \(\small \textsc {Cycle}\)s in it.

The degree of a proof \(\pi \), \(d(\pi )\), is the sup of the degrees of its \(\small \textsc {Maxicut}\)s, implying \(d(\pi )= 0\) if and only if proof \(\pi \) has no \(\small \textsc {Cycle}\)s.

The height of a proof \(\pi \), \(h(\pi )\), is the height of its tree, and it is defined as \(h(\pi )= {\mathrm {sup}\big (h(\pi _i)\big )}_{i\in I}+1\), where \(\{\pi _i\}_{i\in I}\) are the subproofs of \(\pi \).

\(\small \textsc {Maxicut}\) has some similarities with the derived \(\small \textsc {Multicut}\): it generalises \(\small \textsc {Multicut}\) in the number of \(\small \textsc {Mix}\)es, and a single-\(\small \textsc {Mix}\) \(\small \textsc {Maxicut}\) is an occurrence of \(\small \textsc {Multicut}\).

The core of \(\small \textsc {Cycle}\)-elimination for our PLL, as for \(\small \textsc {Cut}\)-elimination for CLL [10, 25], is the Principal Lemma (Lemma 3), which eliminates a \(\small \textsc {Cycle}\) by either (i) replacing it with another \(\small \textsc {Cycle}\) on simpler propositions, or (ii) pushing it further up the proof tree. Item (i) corresponds to (the logical part of) \(\beta \)-reductions (Sect. 3); and (ii) corresponds to (the logical part of) commuting conversions (Sect. 3).

Exceptionally, reduces the original proof in a way that neither (i) nor (ii) are respected. In order to cope with this case, we introduce Lemma 2, which is inspired by Lemma B.1.3 in Bräuner [10], and adapted to our PLL. Lemma 2 allows us to reduce the degree of a proof ending with a single-\(\small \textsc {Mix}\) \(\small \textsc {Maxicut}\) and having the same degree as the whole proof, and where the last rule applied on the left hand-side immediate subproof is . Let [n] denote the set \(\{1,\ldots ,n\}\).

Lemma 2

(Inspired by B.1.3 in Bräuner [10]). Let \(\tau \) be a proof of the following form, ending with a single-\(\small \textsc {Mix}\) \(\small \textsc {Maxicut}\):

figure v

where \(d(\pi )<d(\tau )\) and \(d(\pi ') <d(\tau )\). Then, there is a proof \(\tau '\) of such that \(d(\tau ') < d(\tau )\).

Proof

Induction on \(h(\pi ')\), with a case-analysis on the last rule applied in \(\pi '\).    \(\square \)

Lemma 3

(The Principal Lemma). Let \(\tau \) be a proof of \(~\vdash \varGamma \), ending with a canonical \(\small \textsc {Maxicut}\):

figure w

such that for all \(i \in [m]\), \(d(\pi _i) < d(\tau )\). Then there is a proof \(\tau '\) of \(~\vdash \mathop {\uparrow ^{t}}\varGamma \), for some \(t\geqslant 0\), such that \(d(\tau ') < d(\tau )\).

Proof

The proof is by induction on \(\sum _{i\in [m]} h(\pi _i)\). Let \(r_i\) be the last rule applied in \(\pi _i\), for \(i \in [m]\) and let \(C_{r_i}\) be the proposition introduced by \(r_i\). Consider the proposition with the smallest priority. If the proposition is not unique, just pick one. Let this proposition be \(C_{r_k}\). Then, \(\pi _k\) is the following proof:  

We proceed by cases on \(\pi _k\).

\(r_k\) is \(\otimes \) on one of the \(\small \textsc {Maxicut}\) propositions \(A_1,\ldots ,A_n, A\). Without loss of generality, suppose \(r_k\) is applied on A, meaning \(A = E\, {\otimes }^{\mathsf {o}}\, F\) for some E and F and \(\mathsf {o}\geqslant 0\). By \(\otimes \) rule in Fig. 2, \(\mathsf {o}< \mathsf {pr}_{}(\varGamma ')\). Since A is a \(\small \textsc {Maxicut}\) proposition, by Definition 2, . Since \(\mathsf {o}<\mathsf {pr}_{}(\varGamma ')\) and \(\mathsf {pr}_{}({A}^{\perp }) = \mathsf {o}\), it must be that \({A}^{\perp }\) is in another proof, say \(\pi _h\):    

Consider the case where \(r_h\) is a multiplicative, additive, exponential or \(\mathbf{\bot }\) rule in Fig. 2. Suppose \(r_h\) is applied on \(C_{r_h}\) which is not \({A}^{\perp }\). All the mentioned rules require , implying . This contradicts the fact that \(\mathsf {o}\) is the smallest priority. Hence, \(r_h\) must be a introducing \({A}^{\perp }\).

We construct proof \(\tau _A\) ending with a single-\(\small \textsc {Mix}\) \(\small \textsc {Maxicut}\) applied on at least A:

figure x

Then, by structural equivalence, we can rewrite \(\tau \) in terms of \(\tau _A\). By applying on \(\tau _A\) (only considering the logical part), we obtain a proof \(\tau '_A\) such that \(d(\tau '_A) < d(\tau _A) \le d(\tau )\), because \(\partial ({E}) +\partial ({F}) < \partial ({E \, {\otimes }^{\mathsf {o}}\, F})\). We can then construct \(\tau '\) by substituting \(\tau '_A\) for \(\tau _A\) in \(\tau \), which concludes this case.

\(r_k\) is on one of the \(\small \textsc {Maxicut}\) propositions \(A_1,\ldots ,A_n, A\). Without loss of generality, suppose \(r_k\) introduces A, implying that for some \(A'\) and \(\mathsf {o}\geqslant 0\). Then \(\pi _k\) is the following proof:

figure y

where . Since A is a \(\small \textsc {Maxicut}\) proposition, by duality . Since \(\mathsf {o}<\mathsf {pr}_{}(\varGamma ')\) and \(\mathsf {pr}_{}({A}^{\perp }) = \mathsf {o}\), it must be that \({A}^{\perp }\) is in another proof. Let it be \(\pi _h\) for \(h\in [m]\) and \(h\ne k\). Then we apply Lemma 2 to \(\pi _k\) and \(\pi _h\), obtaining a proof which we use to construct \(\tau '\), as we did in the previous case.    \(\square \)

Lemma 4

Given a proof \(\tau \) of \(\ \vdash \varGamma \), such that \(d(\tau )> 0\), then for some \(t\geqslant 0\) there is a proof \(\tau '\) of \(\ \vdash \mathop {\uparrow ^{t}}\varGamma \) such that \(d(\tau ') < d(\tau )\).

Proof

By induction on \(h(\tau )\). We have the following cases.

− If \(\tau \) ends in a \(\small \textsc {Maxicut}\) whose degree is the same as the degree of \(\tau \):

figure z

we can apply the induction hypothesis to the subproofs of \(\tau \) right before the last \(\small \textsc {Mix}\) preceding the sequence of \(\small \textsc {Cycle}\). This allows us to reduce their degrees to become smaller than \(d(\tau )\). Then we use Lemma 3.

− Otherwise, by using the inductive hypothesis on the immediate subproofs to reduce their degree, we also reduce the degree of the whole proof.    \(\square \)

Theorem 1

( -Elimination). Given any proof of \(\ \vdash \varGamma \), we can construct a \(\small \textsc {Cycle}\)-free proof of \(\ \vdash \mathop {\uparrow ^{t}}\varGamma \), for some \(t\geqslant 0\).

Proof

Iteration on Lemma 4.   \(\square \)

\(\small \textsc {Cycle}\)-elimination increases the priorities of the propositions in \(\varGamma \). This is solely due to the (logical part of) our commuting conversions in Sect. 3.

4.2 Deadlock-Freedom for PCP

Theorem 2

(Subject Reduction). If \(P\vdash \varGamma \) and \(P\longrightarrow Q\), then \(Q\vdash \mathop {\uparrow ^{t}}\varGamma \), for some \(t\geqslant 0\).

Proof

Follows from the \(\beta \)-reductions and commuting conversions in Sect. 3.   \(\square \)

Definition 9

A process is a \(\small \textsc {Cycle}\) if it is of the form \(({\varvec{\nu }} {x}^{A}{y}) P\).

Theorem 3

(Top-Level Deadlock-Freedom). If \(P\vdash \varGamma \) and P is a \(\small \textsc {Cycle}\), then there is some Q such that \(P\longrightarrow ^*Q\) and Q is not a \(\small \textsc {Cycle}\).

Proof

The interpretation of Lemma 3 for PCP is that either (i) a top-level communication occurs, corresponding to a \(\beta \)-reduction, or (ii) commuting conversions are used to push \(\small \textsc {Cycle}\) further inwards in a process. Consequently, iterating Lemma 3 results in eliminating top-level \(\small \textsc {Cycle}\)s.    \(\square \)

Eliminating all \(\small \textsc {Cycle}\)s, as specified by Theorem 1, would correspond to a semantics in which reduction occurs under prefixes, as discussed by Wadler [41]. In order to achieve this, we would need to introduce additional congruence rules, such as:

figure aa

and similarly for other actions. Reductions of this kind are not present in the \(\pi \)-calculus, and we also omit them in our framework.

However, we can eliminate all \(\small \textsc {Cycle}\)s in a proof of \(\vdash \emptyset \), corresponding to full deadlock-freedom for closed processes. Kobayashi’s type system [32] satisfies the same property.

Theorem 4

(Deadlock-Freedom for Closed Processes). If \(P\vdash \emptyset \), then either \(P\equiv {\varvec{0}}\) or there is Q such that \(P\longrightarrow Q\).

Proof

This follows from Theorems 2 and 3, because if \(Q\vdash \emptyset \) and Q is not a \(\small \textsc {Cycle}\) then Q must be a parallel composition of \({\varvec{0}}\) processes.   \(\square \)

5 Related Work and Conclusion

\(\small \textsc {Cycle}\) and \(\small \textsc {Multicut}\) rules were explored by Abramsky et al. [2,3,4] in the context of \(*\)-autonomous categories. That work is not directly comparable with ours, as it only presented a typed semantics for CCS-like processes and did not give a type system for a language or a term assignment for a logical system. Atkey et al. [5] added a \(\small \textsc {Multicut}\) rule to CP, producing an isomorphism between \(\otimes \) and , but they did not consider deadlock-freedom.

In Kobayashi’s original type-theoretic approach to deadlock-freedom [29], priorities were abstract tags from a partially ordered set. In later work abstract tags were simplified to natural numbers, and priorities were replaced by pairs of obligations and capabilities [30, 32]. The latter change allows more processes to be typed, at the expense of a more complex type system. Padovani [36] adapted Kobayashi’s approach to session types, and later on he simplified it to a single priority for linear \(\pi \)-calculus [37]. Then, the single priority technique can be transferred to session types by the encoding of session types into linear types [16, 17, 19, 33]. For simplicity, we have opted for single priorities, as Padovani [37].

The first work on progress for session types, by Dezani-Ciancaglini et al. [15, 22], guaranteed the property by allowing only one active session at a time. Later work [21] introduced a partial order on channels in Kobayashi-style [29]. Bettini et al. [9] applied similar ideas to multiparty session types. The main difference with our work is that we associate priorities with individual communication operations, rather than with entire channels. Carbone et al. [13] proved that progress is a compositional form of lock-freedom and introduced a new technique for progress in session types by adopting Kobayashi’s type system and the encoding of session types [19]. Vieira and Vasconcelos [40] used single priorities and an abstract partial order in session types to guarantee deadlock-freedom.

The linear logic approach to deadlock-free session types started with Caires and Pfenning [12], based on dual intuitionistic linear logic, and was later formulated for classical linear logic by Wadler [41]. All subsequent work on linear logic and session types enforces deadlock-freedom by forbidding cyclic connections. In their original work, Caires and Pfenning commented that it would be interesting to compare process typability in their system with other approaches including Kobayashi’s and Dezani-Ciancaglini’s. However, we are aware of only one comparative study of the expressivity of type systems for deadlock-freedom, by Dardha and Pérez [20]. They compared Kobayashi-style typing and CLL typing, and proved that CLL corresponds to Kobayashi’s system with the restriction that only single cuts, not multicuts, are allowed.

In this paper, we have presented a new logic, priority-based linear logic (PLL), and a term assignment system, priority-based CP (PCP), that increase the expressivity of deadlock-free session type systems, by combining Caires and Pfenning’s linear logic-based approach and Kobayashi’s priority-based type system. The novel feature of PLL and PCP is \(\small \textsc {Cycle}\), which allows cyclic process structures to be formed if they do not violate ordering conditions on the priorities of prefixes. Following the propositions-as-types paradigm, we prove a \(\small \textsc {Cycle}\)-elimination theorem analogous to the standard \(\small \textsc {Cut}\)-elimination theorem. As a result of this theorem, we obtain deadlock-freedom for a class of \(\pi \)-calculus processes which is larger than the class typed by Caires and Pfenning. In particular, these are processes that typically share more than one channel in parallel.

There are two main directions for future work. First, develop a type system for a functional language, priority-based GV, and translate it into PCP, along the lines of Lindley and Morris’ [34] translation of GV [41] into CP. Second, extend PCP to allow recursion and sharing [6], in order to support more general concurrent programming, while maintaining deadlock-freedom, as well as termination, or typed behavioural equivalence.