Prioritise the Best Variation

Binary session types guarantee communication safety and session fidelity, but alone they cannot rule out deadlocks arising from the interleaving of different sessions. In Classical Processes (CP)$-$a process calculus based on classical linear logic$-$deadlock freedom is guaranteed by combining channel creation and parallel composition under the same logical cut rule. Similarly, in Good Variation (GV)$-$a linear concurrent $\lambda$-calculus$-$deadlock freedom is guaranteed by combining channel creation and thread spawning under the same operation, called fork. In both CP and GV, deadlock freedom is achieved at the expense of expressivity, as the only processes allowed are tree-structured. Dardha and Gay define Priority CP (PCP), which allows cyclic-structured processes and restores deadlock freedom by using priorities, in line with Kobayashi and Padovani. Following PCP, we present Priority GV (PGV), a variant of GV which decouples channel creation from thread spawning. Consequently, we type cyclic-structured processes and restore deadlock freedom by using priorities. We show that our type system is sound by proving subject reduction and progress. We define an encoding from PCP to PGV and prove that the encoding preserves typing and is sound and complete with respect to the operational semantics.


Introduction
Session types [Hon93,THK94,HVK98] are a type formalism that ensures communication channels are used according to their protocols, much like, e.g., data types ensure that functions are used according to their signature.Session types have been studied in many settings.Most notably, they have been defined for the π-calculus [Hon93, THK94, HVK98], a foundational calculus for communication and concurrency, and the concurrent λ-calculi [GV10], including the main focus of our paper: Good Variation [Wad15, LM15, GV].
GV is a concurrent λ-calculus with binary session types, where each channel is shared between exactly two processes.Binary session types guarantee two crucial properties: communication safety-e.g., if the protocol says to transmit an integer, you transmit an integer-and session fidelity-e.g., if the protocol says send, you send.A third crucial property is deadlock freedom, which ensures that processes do not have cyclic dependenciese.g., when two processes wait for each other to send a value.Binary session types alone are insufficient to rule out deadlocks arising from interleaved sessions, but several additional techniques have been developed to guarantee deadlock freedom in session-typed π-calculus and concurrent λ-calculus.
In the π-calculus literature, there have been several developments of Curry-Howard correspondences between session-typed π-calculus and linear logic [Gir87]: Caires and Pfenning's πDILL [CP10] corresponds to dual intuitionistic linear logic [Bar96], and Wadler's Classical Processes [Wad14,CP] corresponds to classical linear logic [Gir87,CLL].Both calculi guarantee deadlock freedom, which they achieve by the combination of binary session types with a restriction on the way processes can be connected by channels: two processes can share at most one channel, and, more generally, information transmitted between any two processes must pass through one unique series of channels and intermediate processes.
We refer to such processes as tree-structured, because the communication graph-where the vertices are ready processes and two vertices are connected by an edge if and only if the corresponding processes share a channel-is a tree.For πDILL, CP, and GV, treestructure follows from a syntactic restriction: the combination of name restriction and parallel composition into a single syntactic construct, corresponding to the logical cut.
There are many downsides to combining name restriction and parallel composition, such as lack of modularity, difficulty typing structural congruence and formulating label-transition semantics.GV, specifically, struggles with a complicated metatheory due to the mismatch between its term language-where restriction and parallel composition are combined-and its configuration language-where they are not.There have been various approaches to decoupling restriction and parallel composition.Hypersequent CP [MP18, KMP19a, KMP19b, HCP], Hypersequent GV [FKD + 21], and Linear Compositional Choreographies [CMS18] decouple them, but maintain the tree-structure of processes and a correspondence to linear logic, e.g., while the typing rules for HCP are no longer exactly the proof rules for CLL, every typing derivations in HCP is isomorphic a proof in CLL, and vice versa.Priority CP [DG18b,PCP] weakens the correspondence to CLL.PCP is a non-conservative extension of CLL: every proof in CLL can be translated to a typing derivation in PCP [DP22], but PCP can prove strictly more theorems, including (partial) bijections between several CLL connectives.In exchange, PCP has a much more expressive language which allows cyclic-structured processes.PCP decouples CP's cut rule into two separate constructs: one for parallel composition via a mix rule, and one for name restriction via a cycle rule.To restore deadlock freedom, PCP uses priorities [Kob06,Pad14].Priorities encode the order of actions and rule out bad cyclic interleavings.Dardha and Gay [DG18b] prove cycle-elimination for PCP, adapting the cut-elimination proof for classical linear logic, and deadlock freedom follows as a corollary.
CP and GV are related via a pair of translations which satisfy simulation [LM16], and which can be tweaked to satisfy operational correspondence.The two calculi share the same strong guarantees.GV achieves deadlock freedom via a similar syntactic restriction: it combines channel creation and thread spawning into a single operation, called "fork", which is related to the cut construct in CP.Unfortunately, as with CP, this syntactic restriction has its downsides.
Our aim is to develop a more expressive version of GV while maintaining deadlock freedom.While process calculi have their advantages, e.g., their succinctness compared to concurrent λ-calculi, we chose to work with GV for several reasons.In general, concurrent λ-calculi support higher-order functions, and have a capability for abstraction not usually present in process calculi.Within a concurrent λ-calculus, one can derive extensions of the communication capabilities of the language via well-understood extensions of the functional fragment, e.g., we can derive internal/external choice from sum types.Concurrent λ-calculi, among other languages, maintain a clear separation between the program which the user writes and the configurations which represent the state of the system as it evaluates the program.However, our main motivation is that results obtained for λ-calculi transfer more easily to real-world functional programming languages.Case in point: we easily adapted the type system of PGV to Linear Haskell [BBN + 18], which gives us a library for deadlock-free session-typed programming [KD21a].The benefit of working specifically with GV, as opposed to other concurrent λ-calculi, is its relation to CP [Wad14], and its formal properties, including deadlock freedom.
We thus pose our research question for GV: RQ: Can we design a more expressive GV which guarantees deadlock freedom for cyclic-structured processes?
We follow the line of work from CP to Priority CP, and present Priority GV (PGV), a variant of GV which decouples channel creation from thread spawning, thus allowing cyclic-structured processes, but which nonetheless guarantees deadlock freedom via priorities.This closes the circle of the connection between CP and GV [Wad14], and their priority-based versions, PCP [DG18b] and PGV.We cannot straightforwardly adapt the priority typing from PCP to PGV, as PGV adds higher-order functions.Instead, the priority typing for PGV follow the work by Padovani and Novara [PN15].
We addresses several problems in the original GV language, most notably: (a) PGV does not require the pseudo-type S ♯ ; (b) Structural congruence is type preserving.PGV answers our research question positively as it allows cyclic-structured binary session-typed processes that are deadlock free.
To obtain a tight correspondence, we update PCP, moving away from commuting conversions and reduction as cut elimination towards reduction based on structural congruence, as it is standard in process calculi.This paper is an improved and extended version of a paper published at FORTE 2021 international conference [KD21b].We present detailed examples and complete proofs of our technical results.

Priority GV
We present Priority GV (PGV), a session-typed functional language based on GV [Wad15,LM15] which uses priorities à la Kobayashi and Padovani [Kob06,PN15] to enforce deadlock freedom.Priority GV is more flexible than GV because it allows processes to share more than one communication channel.
We illustrate this with two programs in PGV, Example 2.1 and Example 2.2.Each program contains two processes-the main process, and the child process created by spawnwhich communicate using two channels.The child process receives a unit over the channel x/x ′ , and then sends a unit over the channel y/y ′ .The main process does one of two things: (a) in Example 2.1, it sends a unit over the channel x/x ′ , and then waits to receive a unit over the channel y/y ′ ; (b) in Example 2.2, it does these in the opposite order, which results in a deadlock.PGV is more expressive than GV: Example 2.1 is typeable and guaranteed to be deadlock-free in PGV, but is not typeable in GV [Wad14] and not guaranteed deadlock-free in GV's predecessor [GV10].We believe PGV is a non-conservative extension of GV, as CP can be embedded in a Kobayashi-style system [DP18].

Syntax of Types and Terms.
Session types.Session types (S) are defined by the following grammar: Session types !o T.S and ?o T.S describe the endpoints of a channel over which we send or receive a value of type T , and then proceed as S. Types end o ! and end o ?describe endpoints of a channel whose communication has finished, and over which we must synchronise before closing the channel.Each connective in a session type is annotated with a priority o ∈ N.
Types.Types (T , U ) are defined by the following grammar: Types T × U , 1, T + U , and 0 are the standard linear λ-calculus product type, unit type, sum type, and empty type.Type T ⊸ p,q U is the standard linear function type, annotated with priority bounds p, q ∈ N ∪ {⊥, ⊤}.Every session type is also a type.Given a function with type T ⊸ p,q U , p is a lower bound on the priorities of the endpoints captured by the body of the function, and q is an upper bound on the priority of the communications that take place as a result of applying the function.The type of pure functions T ⊸ U , i.e., those which perform no communications, is syntactic sugar for T ⊸ ⊤,⊥ U .The lower bound for a pure function is ⊤ as pure functions never start communicating.For similar reasons, the upper bound for a pure function is ⊥.
We postulate that the only function types-and, consequently, sequents-that are inhabited in PGV are pure functions and functions T ⊸ p,q U for which p < q.
Terms.Terms (L, M , N ) are defined by the following grammar: Let x, y, z, and w range over variable names.Occasionally, we use a, b, c, and d.The term language is the standard linear λ-calculus with products, sums, and their units, extended with constants K for the communication primitives.
Constants are best understood in conjunction with their typing and reduction rules in Figs. 1 and 2.
Briefly, link links two endpoints together, forwarding messages from one to the other, new creates a new channel and returns a pair of its endpoints, and spawn spawns off its argument as a new thread.
The send and recv functions send and receive values on a channel.However, since the typing rules for PGV ensure the linear usage of endpoints, they also return a new copy of the endpoint to continue the session.
The close and wait functions close a channel.We use syntactic sugar to make terms more readable: we write let x = M in N in place of (λx.N ) M , λ().M in place of λz.z; M , and λ(x, y).M in place of λz.let (x, y) = z in M .We can recover GV's fork as λx.let (y, z) = new () in spawn (λ().xy); z.
Internal and External Choice.Typically, session-typed languages feature constructs for internal and external choice.In GV, these can be defined in terms of the core language, by sending or receiving a value of a sum type [LM15].We use the following syntactic sugar for internal (S ⊕ o S ′ ) and external (S & o S ′ ) choice and their units: As the syntax for units suggests, these are the binary and nullary forms of the more common n-ary choice constructs ⊕ o {l i : S i } i∈I and & o {l i : S i } i∈I , which one may obtain generalising the sum types to variant types.For simplicity, we present only the binary and nullary forms.
Similarly, we use syntactic sugar for the term forms of choice, which combine sending and receiving with the introduction and elimination forms for the sum and empty types.There are two constructs for binary internal choice, expressed using the meta-variable ℓ which ranges over {inl, inr}.As there is no introduction for the empty type, there is no construct for nullary internal choice: Configurations.Priority GV terms are evaluated as part of a configuration of processes.Configurations are defined by the following grammar: Configurations (C, D, E) consist of threads ϕ M , parallel compositions C ∥ D, and name restrictions (νxx ′ )C.To preserve the functional nature of PGV, where programs return a single value, we use flags (ϕ) to differentiate between the main thread, marked •, and child threads created by spawn, marked •.Only the main thread returns a value.We determine the flag of a configuration by combining the flags of all threads in that configuration: To distinguish between the use of • to mark child threads [LM15] and the use of the meta-variable o for priorities [DG18b], they are typeset in a different font and colour.
Values.Values (V , W ), evaluation contexts (E), thread evaluation contexts (F), and configuration contexts (G) are defined by the following grammars: Values are the subset of terms which cannot reduce further.Evaluation contexts are one-hole term contexts, i.e., terms with exactly one hole, written □.We write E[M ] for the evaluation context E with its hole replaced by the term M .Evaluation contexts are specifically those one-hole term contexts under which term reduction can take place.Thread contexts are a convenient way to lift the notion of evaluation contexts to threads.We write F[M ] for the thread context F with its hole replaced by the term M .Configuration contexts are one-hole configuration contexts, i.e., configurations with exactly one hole, written □.Specifically, configuration contexts are those one-hole term contexts under which configuration reduction can take place.The definition for G only gives the case in which the hole is in the left-most parallel process, i.e., it only defines G ∥ C and not C ∥ G.The latter is not needed, as ∥ is symmetric under structural congruence, though it would be harmless to add.We write G[C] for the evaluation context G with its hole replaced by the term C. Term reduction is the standard call-by-value, left-to-right evaluation for GV, and only deviates from reduction for the linear λ-calculus in that it reduces terms to values or ready terms waiting to perform a communication action.

Reduction
Configuration reduction resembles evaluation for a process calculus: E-Link, E-Send, and E-Close perform communications, E-LiftC allows reduction under configuration contexts, and E-LiftSC embeds a structural congruence ≡.The remaining rules mediate between the process calculus and the functional language: E-New and E-Spawn evaluate the new and spawn constructs, creating the equivalent configuration constructs, and E-LiftM embeds term reduction.
Structural congruence satisfies the following axioms: SC-LinkSwap allows swapping channels in the link process.SC-ResLink allows restriction to be applied to link which is structurally equivalent to the terminated process, thus allowing elimination of unnecessary restrictions.SC-ResSwap allows swapping channels and SC-ResComm states that restriction is commutative.SC-ResExt is the standard scope extrusion rule.Rules SC-ParNil, SC-ParComm and SC-ParAssoc state that parallel composition uses the terminated process as the neutral element; it is commutative and associative.
While our configuration reduction is based on the standard evaluation for GV, the increased expressiveness of PGV allows us to simplify the relation on two counts.
(i) We decompose the fork construct.In GV, fork creates a new channel, spawns a child thread, and, when the child thread finishes, it closes the channel to its parent.In PGV, these are three separate operations: new, spawn, and close.We no longer require that every child thread finishes by returning a terminated channel.Consequently, we also simplify the evaluation of the link construct.
Intuitively, evaluating link causes a substitution: if we have a channel bound as (νxy), then link (w, x) replaces all occurrences of y by w.However, in GV, link is required to return a terminated channel, which means that the semantics for link must create a fresh channel of type end !/end ? .The endpoint of type end ! is returned by the link construct, and a wait on the other endpoint guards the actual substitution.In PGV, evaluating link simply causes a substitution.(ii) Our structural congruence is type preserving.Consequently, we can embed it directly into the reduction relation.In GV, this is not the case, and subject reduction relies on proving that if the result of rewriting via ≡ followed by reducing via −→ C is an ill-typed configuration, we can rewrite it to a well-typed configuration via ≡.

Static Typing Rules.
T-Var Terms Typing.Typing rules for terms are at the top of Fig. 2. Terms are typed by a judgement Γ ⊢ p M : T stating that "a term M has type T and an upper bound on its priority p under the typing environment Γ".Typing for the linear λ-calculus is standard.Linearity is ensured by splitting environments on branching rules, requiring that the environment in the variable rule consists of just the variable, and the environment in the constant and unit rules are empty.Constants K are typed using type schemas, which hold for any concrete assignment of types and priorities to their meta-variables.Instantiated type schemas are embedded into typing derivations using T-Const in Fig. 2, e.g., the type schema for send can be instantiated with o = 2, T = 1, and S = 0, and embedded using T-Const to give the following typing derivation: The typing rules treat all variables as linear resources, even those of non-linear types such as 1, though they can easily be extended to allow values with unrestricted usage [Wad14].
The only non-standard feature of the typing rules is the priority annotations.Priorities are based on obligations/capabilities used by Kobayashi [Kob06], and simplified to single priorities following Padovani [Pad14].The integration of priorities into GV is adapted from Padovani and Novara [PN15].Paraphrasing Dardha and Gay [DG18b], priorities obey the following two laws: (i) an action with lower priority happens before an action with higher priority; and (ii) communication requires equal priorities for dual actions.
In PGV, we keep track of a lower and upper bound on the priorities of a term, i.e., while evaluating the term, when it starts communicating, and when it finishes, respectively.The upper bound is written on the sequent and the lower bound is approximated from the typing environment, e.g., for Γ ⊢ p M : T the upper bound is p and the lower bound is at least pr(Γ).The latter is correct because a term cannot communicate at a priority earlier than the earliest priority amongst the channels it has access to.It is an approximation on function terms, as these can "skip" communication by returning the corresponding channel unused.However, linearity prevents such functions from being used in well typed configurations: once the unused channel's priority has passed, it can no longer be used.
Typing rules for sequential constructs enforce sequentiality, e.g., the typing for M ; N has a side condition which requires that the upper bound of M is smaller than the lower bound of N , i.e., M finishes before N starts.The typing rule for new ensures that both endpoints of a channel share the same priorities.Together, these two constraints guarantee deadlock freedom.
To illustrate this, let's go back to the deadlocked program in Example 2.2.Crucially, it composes the terms below in parallel.While each of these terms itself is well typed, they impose opposite conditions on the priorities, so connecting x to x ′ and y to y ′ using T-Res is ill-typed, as there is no assignment to o and o ′ that can satsify both o < o ′ and o ′ < o.
(We omit the priorities on end !and end ?.) Closures suspend communication, so T-Lam stores the priority bounds of the function body on the function type, and T-App restores them.For instance, λx.send (x, y) is assigned the type A ⊸ o,o S, i.e., a function which, when applied, starts and finishes communicating at priority o.
For simplicity, we assume priority annotations are not inferred, but provided as an input to type checking.However, for any term, priorities can be inferred, e.g., by using the topological ordering of the directed graph where the vertices are the priority meta-variables and the edges are the inequality constraints between the priority meta-variables in the typing derivation.
Configurations Typing.Typing rules for configurations are at the bottom of Fig. 2. Configurations are typed by a judgement Γ ⊢ ϕ C stating that "a configuration C with flag ϕ is well typed under typing environment Γ".Configuration typing is based on the standard typing for GV.Terms are embedded either as main or as child threads.The priority bound from the term typing is discarded, as configurations contain no further blocking actions.Main threads are allowed to return a value, whereas child threads are required to return the unit value.Sequents are annotated with a flag ϕ, which ensures that there is at most one main thread.
While our configuration typing is based on the standard typing for GV, it differs on two counts: (i) we require that child threads return the unit value, as opposed to a terminated channel; and (ii) we simplify typing for parallel composition.
In order to guarantee deadlock freedom, in GV each parallel composition must split exactly one channel of the channel pseudo-type S ♯ into two endpoints of type S and S. Consequently, associativity of parallel composition does not preserve typing.In PGV, we guarantee deadlock freedom using priorities, which removes the need for the channel pseudotype S ♯ , and simplifies typing for parallel composition, while restoring type preservation for the structural congruence.
Proof.By induction on the derivation of Γ ⊢ o V : T .
Case T-Var.Immediately.
Proof.By induction on the derivation of Γ, x : U ′ ⊢ p M : T .
x : Case T-App.There are two subcases: Subcase x ∈ M .Immediately, from the induction hypothesis.
Γ, x : There are two subcases: Subcase x ∈ M .Immediately, from the induction hypothesis.
There are two subcases: Subcase x ∈ M .Immediately, from the induction hypothesis.
Case T-LetPair.There are two subcases: Subcase x ∈ M .Immediately, from the induction hypothesis.
There are two subcases: Subcase x ∈ L. Immediately, from the induction hypothesis.
We omit the cases where x ̸ ∈ M , as they are straightforward.
Proof.The proof closely follows the standard proof of subject reduction for the simply-typed linear λ-calculus, as the constants are uninterpreted by the term reduction (−→ M ) and priority constraints are maintained consequence of § 3.1.By induction on the derivation of M −→ M M ′ .
Immediately by induction on the evaluation context E. Case SC-ResLink.
Γ, x : S, y : S, z : S ′ , w : Proof.By induction on the derivation of C −→ C C ′ .
Case E-New.
Case E-LiftC.By induction on the evaluation context G.
Figure 6: Subject Reduction (E-Send) 3.2.Progress and Deadlock Freedom.PGV satisfies progress, as PGV configurations either reduce or are in normal form.However, the normal forms may seem surprising at first, as evaluating a well-typed PGV term does not necessarily produce just a value.If a term returns an endpoint, then its normal form contains a thread which is ready to communicate on the dual of that endpoint.This behaviour is not new to PGV.Let us consider an example, adapted from Lindley and Morris [LM15], in which a term returns an endpoint linked to an echo server.The echo server receives a value and sends it back unchanged.Consider the program which creates a new channel, with endpoints x and x ′ , spawns off an echo server listening on x, and then returns x ′ : If we reduce the above program, we get (νxx ′ )(• echo x ∥ • x ′ ).Clearly, no more evaluation is possible, even though the configuration contains the thread • echo x , which is blocked on x.In Corollary 3.14 we will show that if a term does not return an endpoint, it must produce only a value.
Actions are terms which perform communication actions and which synchronise between two threads.Definition 3.6.A term acts on an endpoint x if it is send (V, x), recv x, close x, or wait x.A term is an action if it acts on some endpoint x.
Ready terms are terms which perform communication actions, either by themselves, e.g., creating a new channel or thread, or with another thread, e.g., sending or receiving.It is worth mentioning that the notion of readiness presented here is akin to live processes introduced by Caires and Pfenning [CP10,DP22], and poised processes introduced by Pfenning and Griffith [PG15] and later used by Balzer et al. [BP17,BTP19].Ready processes like live/poised processes denote processes that are ready to communicate on their providing channel.
where M is of the form new, spawn N , link (x, y), or M acts on x.In the latter case, we say that L is ready to act on x or is blocked on.
Progress for the term language is standard for GV, and deviates from progress for linear λ-calculus only in that terms may reduce to values or ready terms, where the definition of ready terms encompasses all terms whose reduction is struck on some constant K.
Lemma 3.8.If Γ ⊢ p M : T and Γ contains only session types, then: (i) M is a value; (ii) M −→ M N for some N ; or (iii) M is ready.
With "Γ contains only session types" we mean that for every x : T ∈ Γ, T is a session type, i.e., is of the form S.
Canonical forms deviate from those for GV, in that we opt to move all ν-binders to the top.The standard GV canonical form, alternating ν-binders and their corresponding parallel compositions, does not work for PGV, since multiple channels may be split across a single parallel composition.
A configuration either reduces, or it is equivalent to configuration in normal form.Crucial to the normal form is that each term M i is blocked on the corresponding channel x i , and hence no two terms act on dual endpoints.Furthermore, no term M i can perform a communication action by itself, since those are excluded by the definition of actions.Finally, as a corollary, we get that well-typed terms which do not return endpoints return just a value: where no term M i is a value.Lemma 3.10.If Γ ⊢ • C, there exists some D such that C ≡ D and D is in canonical form.
Proof.We move any ν-binders to the top using SC-ResExt, discard any superfluous occurrences of • () using SC-ParNil, and move the main thread to the rightmost position using SC-ParComm and SC-ParAssoc.
Priorities.The function pr(•) returns smallest priority of a type.As with PGV, the type system guarantees that the top-most connective always holds the smallest priority.The function pr(•) returns the minimum priority of all types a typing context, or ⊤ if the context is empty: Terms.Processes (P , Q) in PCP are defined by the following grammar.
Process x↔y links endpoints x and y and forwards communication from one to the other.(νxy)P , (P ∥ Q) and 0 denote respectively the restriction processes where channel endpoints x and y are bound together and with scope P , the parallel composition of processes P and Q and the terminated process.
Processes x[y].P and x(y).P send or receive over channel x a value y and proceed as process P .Processes x[].P and x().P send and receive an empty value-denoting the closure of channel x, and continue as P .
Processes x ◁ inl.P and x ◁ inr.P make a left and right choice, respectively and proceed as process P .Dually, x ▷ {inl : P ; inr : Q} offers both left and right branches, with continuations P and Q, and x ▷ {} is the empty offer.
We write unbound send as x⟨y⟩.P , which is syntactic sugar for x[z].(y↔z∥ P ).Alternatively, we could take x⟨y⟩.P as primitive, and let x[y].P be syntactic sugar for (νyz)(x⟨z⟩.P ).CP takes bound sending as primitive, as it is impossible to eliminate the top-level cut in terms such as (νyz)(x⟨z⟩.P ), even with commuting conversions.In our setting without commuting conversions and with more permissive normal forms, this is no longer an issue, but, for simplicity, we keep bound sending as primitive.
On Commuting Conversions.The main change we make to PCP is removing commuting conversions.Commuting conversions are necessary if we want our reduction strategy to correspond exactly to cut (or cycle in [DG18b]) elimination.However, as Lindley and Morris [LM15] show, all communications that can be performed with the use of commuting conversions, can also be performed without them, but using structural congruence.
From the perspective of process calculi, commuting conversions behave strangely.Consider the commuting conversion (κ `) for x(y).P : As a result of (κ `), Q becomes blocked on x(y), and any actions Q was able to perform become unavailable.Consequently, CP is non-confluent: In PCP, commuting conversions break our intuition that an action with lower priority occurs before an action with higher priority.To cite Dardha and Gay [DG18b] "if a prefix on a channel endpoint x with priority o is pulled out at top level, then to preserve priority constraints in the typing rules [..], it is necessary to increase priorities of all actions after the prefix on x" by o + 1. 4.2.Operational Semantics.The operational semantics for PCP, given in Fig. 7, is defined as a reduction relation =⇒ on processes (bottom) and uses structural congruence (top).Each of the axioms of structural congruence corresponds to the axiom of the same name for PGV.We write =⇒ + for the transitive closures, and =⇒ ⋆ for the reflexive-transitive closures.
The reduction relation is given by a set of axioms and inference rules for context closure.Reduction occurs under restriction.E-Link reduces a parallel composition with a link into a substitution.E-Send is the main communication rule, where send and receive processes sychronise and reduce to the corresponding continuations.E-Close follows the previous rule and it closes the channel identified by endpoints x and y.E-Select-Inl and E-Select-Inr are generalised versions of E-Send.They state respectively that a left and right selection synchronises with a choice offering and reduces to the corresponding continuations.The last three rules state that reduction is closed under restriction, parallel composition and structural congruence, respectively.4.3.Typing Rules. Figure 8 gives the typing rules for our version of PCP.A typing judgement P ⊢ Γ states that "process P is well typed under the typing context Γ".T-Link states that the link process x↔y is well typed under channels x and y having dual types, respectively A and A ⊥ .T-Res states that the restriction process (νxy)P is well typed under typing context Γ if process P is well typed in Γ augmented with channel endpoints x and y having dual types, respectively A and A ⊥ .T-Par states that the parallel composition of processes P and Q is well typed under the disjoint union of their respective typing contexts.T-Halt states that the terminated process 0 is well typed in the empty context.
T-Send and T-Recv state that the sending and receiving of a bound name y over a channel x is well typed under Γ and x of type A ⊗ o B, respectively A `o B. Priority o is the smallest among all priorities of the types used by the output or input process, captured by the side condition o < pr(Γ, A, B).
Rules T-Close and T-Wait type the closure of channel x and are in the same lines as the previous two rules, requiring that the priority of channel x is the smallest among all priorities in Γ.
T-Select-Inl and T-Select-Inr type respectively the left x ◁ inl.P and right x ◁ inr.P choice performed on channel x.T-Offer and T-Offer-Absurd type the offering of a choice, or empty choice, on channel x.In all the above rules the priority o of channel x is the smallest with respect to the typing context o < pr(Γ) and types involved in the choice o < pr(Γ, A, B).
Figure 9 shows how syntactic sugar in PCP is well typed.Finally, since our reduction relation is a strict subset of the reduction relation in the original [DG18b], we defer to their proof of subject reduction (Theorem 2 in [DG18b]).We prove progress for our version of PCP, see § 4.5.4.4.PCP and PLL.In this subsection, we highlight the connection between PCP and linear logic.Dardha and Gay [DG18a] present PCP-consequently also PCP given in this paper-in a way which can be viewed both as Classical Processes with restriction (T-Res) and parallel composition (T-Par) typing rules, and as a new version of linear logic, which they call Priority Linear Logic (PLL).PLL builds on CLL by replacing the cut rule with two logical rules: a mix and a cycle rule-here corresponding to T-Par and T-Res, respectively.Dardha and Gay [DG18a, §4] prove cycle-elimination, in the same lines as cut-elimination for CLL.As a corollary of cycle-elimination for PLL, we obtain deadlock freedom for PCP (Theorem 3 in [DG18a, §4]).In summary, PLL is an extension of CLL and the authors show the correspondence of PCP and PLL.Notice however, that PCP is not in correspondence with CLL itself, since processes in PCP are graphs, whether CLL induces trees.4.5.Technical Developments.Definition 4.1.A process acts on an endpoint x if it is x↔y, y↔x, x[y].P , x(y).P , x[].P , x().P , x ◁ inl.P , x ◁ inr.P , x ▷ {inl : P ; inr : Q}, or x ▷ {}.A process is an action if it acts on some endpoint x.Definition 4.2.A process P is in canonical form if it is either 0 or of the form (νx where m > 0 and each P j is an action.Lemma 4.3.If P ⊢ Γ, there exists some Q such that P ≡ Q and Q is in canonical form.
Proof.If P = 0, we are done.Otherwise, we move any ν-binders to the top using SC-ResExt, and discard any superfluous occurrences of 0 using SC-ParNil.
The proof for progress (below) follows the same reasoning by Kobayashi [Kob06] used in the proof of deadlock freedom for closed processes (Theorem 2).
Theorem 4.4.If P ⊢ ∅, then either P = 0 or there exists a Q such that P =⇒ Q.
Proof (Sketch).This proof follows the exact same reasoning and proof sketch given by Kobayashi in [Kob06] and later adopted by Dardha and Gay for PCP in their technical report [DG18b].
The translation • M translates processes to terms and maps the π-calculus constructs from PCP to the corresponding constants in PGV: x ▷ {inl : P ; inr : Unfortunately, the operational correspondence along • M is unsound, as it translates ν-binders and parallel compositions to new and spawn, which can reduce to their equivalent configuration constructs using E-New and E-Spawn.The same goes for ν-binders which are inserted when translating bound send to unbound send.For instance, the process x[y].P is blocked, but its translation uses new and can reduce.To address this issue, we introduce a second translation, • C , which is equivalent to translating with • M then reducing with E-New and E-Spawn: (νxy)P C = (νxy)   T-Send None of the translation rules introduce an evaluation context around the recursive call, hence F must be □; P M .Similarly, F ′ must be □; Q M .Hence, we have: Case E-LiftC.By the induction hypothesis and E-LiftC.
Lemma 4.8.For any P , either: Proof.By induction on the structure of P .
Case (νxy)P .We have: and interfered multiparty sessions.The interaction type system allows to infer causalitiesmuch in the line of Kobayashi's priorities -of channels, thus guaranteeing that sessiontyped processes do not get stuck at intermediate stages of their sessions.Carbone and Montesi [CM13] combine MPST with choreographic programming and obtain a formalism that satisfies deadlock freedom.In the same vein as MPST, choreographic programming specifies communication among all participants in a distributed system.While MPST target mainly protocol descriptions, choreographies have mainly targetted implementations and programming languages as they are suitable for describing concrete system implementations.Deniélou and Yoshida [DY13] introduce multiparty compatibility, which generalises the notion of duality in binary session types.They synthesise safe and deadlock-free global typesspecifying communication among all involved participants, from local session types-specifying communication from the viewpoint of one participant.To do so, they leverage Labelled Transition Systems (LTSs) and communicating automata.Castellani et al. [CDGH20] guarantee livelock freedom, a stronger property than deadlock freedom, for MPST with internal delegation, where participants in the same session are allowed to delegate tasks to each other, and internal delegation is captured by the global type.Scalas and Yoshida [SY19] provide a revision of the foundations for MPST, and offer a less complicated and more general theory, by removing duality/consistency.The type systems is parametric and type checking is decidable, but allows for a novel integration of model checking techniques.More protocols and processes can be typed and are guaranteed to be free of deadlocks.
Neubauer and Thiemann [NT04] and Vasconcelos et al. [VRG04,VGR06] introduce the first functional language with session types.Such works did not guarantee deadlock freedom until GV [LM15,Wad14].Toninho et al. [TCP12] present a translation of simplytyped λ-calculus into session-typed π-calculus, but their focus is not on deadlock freedom.Fowler et al. [FKD + 21] present Hypersequent GV (HGV), which is a variation of GV that uses hyper-environments, much in the same line as Hypersequent CP, and enjoys deadlock freedom, confluence, and strong normalisation.
Ties with logic.The correspondence between logic and types lays the foundation for functional programming [Wad15].Since its inception by Girard [Gir87], linear logic has been a candidate for a foundational correspondence for concurrent programs.A correspondence with linear π-calculus was established early on by Abramsky [Abr94] and Bellin and Scott [BS94].Many years later, several correspondences between linear logic and the π-calculus with binary session types were proposed.Caires and Pfenning [CP10] propose a correspondence with dual intuitionistic linear logic, while Wadler [Wad12] proposes a correspondence with classical linear logic.Both works guarantee deadlock freedom as a consequence of adopting cut elimination.Building on a previous work [CP10], Toninho et al. [TCP13] present a Curry-Howard correspondence between session types and linear logic for functional language via linear contextual monads, which are first-class values, thus giving rise to a higher-order session-typed language.In addition to the more standard results, the authors also prove a global progress theorem.Qian et al. [QKB21] extend Classical Linear Logic with coexponentials, which allows to model servers receiving requests from an arbitrary set of clients, yielding an extension to the Curry-Howard correspondence between logic and session typed processes.Dardha and Gay [DG18b] define Priority CP by integrating Kobayashi and Padovani's work on priorities [Kob06,Pad14] with CP, which as described in the introduction, weakens its ties to linear logic in exchange for expressivity.However, they show how PCP can be also viewed as a an extension of linear logic, which they call Priority Linear Logic (PLL), and uses mix and cycle rules as opposed to the cut rule.Dardha and Pérez [DP18, DP15, DP22] compare priorities à la Kobayashi with tree restrictions à la CP, and show that the latter is a subsystem of the former.In addition, they give a detailed account of comparing several type systems for deadlock freedom spanning across session types, linear logic, and linear types.Carbone et al. [CMSY15, CLM + 16] give a logical view of MPST with a generalised duality.Caires and Pérez [CP16] give a presentation of MPST in terms of binary session types and the use of a medium process which guarantee protocol fidelity and deadlock freedom.Their binary session types are rooted in linear logic.Ciobanu and Horne [CH15] give the first Curry-Howard correspondence between MPST and BV [Gug07], a conservative extension of linear logic with a non-commutative operator for sequencing.Horne [Hor20] give a system for subtyping and multiparty compatibility where compatible processes are race free and deadlock free using a Curry-Howard correspondence, similar to the approach in [CH15].Balzer et al. [BP17] introduce sharing at the cost of deadlock freedom, which they restore using worlds, an approach similar to priorities [BTP19].Staying on sharing, Rocha and Caires [RC21] introduce an imperative feature, that of shared mutable states into a functional language based on Curry-Howard correspondence with linear logic.Their type system is thus able to capture programs which were not possible in previous works.The authors prove extensive technical results, including session fidelity, progress, confluence and normalisation.Lastly, Jacobs et al. [JBK22] present a novel technique to guarantee deadlock freedom based on the notion of connectivity graph, which is an abstract representation of the topology of concurrent systems, and separation logic used to substructurally treat connectivity graph edges and labels.
Conclusion and Future Work.We answered our research question by presenting Priority GV, a session-typed functional language which allows cyclic communication structures and uses priorities to ensure deadlock freedom.We showed its relation to Priority CP [DG18b] via an operational correspondence.
Our formalism so far only captures the core of GV.In future work, we plan to explore recursion, following Lindley and Morris [LM16] and Padovani and Novara [PN15], and sharing, following Balzer and Pfenning [BP17] or Voinea et al. [VDG19].
Relation.We factor the reduction relation of PGV into a deterministic reduction on terms (−→ M ) and a non-deterministic reduction on configurations (−→ C ), see Fig. 1.We write −→ + M and −→ + C for the transitive closures, and −→ ⋆ M and −→ ⋆ C for the reflexivetransitive closures.
[].P M = close x; P M x().P M = wait x; P M x[y].P M = let (y, z) = new () in let x = send (z, x) in P M x(y).P M = let (y, x) = recv x in P M x ◁ inl.P M = let x = select inl x in P Mx ◁ inr.P M = let x = select inr x in P M νyz)(• let x = close (send (inl y, x)); z in P M ) x ◁ inr.P C = (νyz)(• let x = close (send (inr y, x)); z in P M ) P C = • P M , if none of the above apply Typing environments are translated pointwise, and sequents P ⊢ Γ are translated as Γ ⊢ • P C , where • indicates a child thread, since translated processes do not have a main thread.The translations • M and • C preserve typing, and the latter induces a sound and complete operational correspondence.Lemma 4.5.If P ⊢ Γ, then Γ ⊢ p P M : 1. Proof.By induction on the derivation of P ⊢ Γ. Case T-Link, T-Res, T-Par, and T-Halt.See Fig. 10.Case T-Close, and T-Wait.See Fig. 11.Case T-Send.See Fig. 12. Case T-Recv.See Fig. 13.