\DOIPrefix

Università di Camerino, [email protected]://orcid.org/0000-0001-9097-1297 \CopyrightLuca Padovani \ccsdesc[500]Theory of computation Linear logic \ccsdesc[500]Theory of computation Process calculi \ccsdesc[300]Theory of computation Program analysis

On the Fair Termination of Client-Server Sessions

Luca Padovani l r i ) l r l r i i i i i i i i i i i , i i i

Abstract

Client-server sessions are based on a variation of the traditional interpretation of linear logic propositions as session types in which non-linear channels (those regulating the interaction between a pool of clients and a single server) are typed by coexponentials instead of the usual exponentials. Coexponentials enable the modeling of racing interactions, whereby clients compete to interact with a single server whose internal state (and thus the offered service) may change as the server processes requests sequentially. In this work we present a fair termination result for $\textsf{CSLL}^{\infty}$ , a core calculus of client-server sessions. We design a type system such that every well-typed term corresponds to a valid derivation in $\mu\textsf{MALL}^{\infty}$ , the infinitary proof theory of linear logic with least and greatest fixed points. We then establish a correspondence between reductions in the calculus and principal reductions in $\mu\textsf{MALL}^{\infty}$ . Fair termination in $\textsf{CSLL}^{\infty}$ follows from cut elimination in $\mu\textsf{MALL}^{\infty}$ .

keywords:

client-server sessions, linear logic, fixed points, fair termination, cut elimination

category:

\relatedversion

1 Introduction

Session types [Honda93, HondaVasconcelosKubo98, HuttelEtAl16] are descriptions of communication protocols enabling the static enforcement of a variety of safety and liveness properties, including the fact that communication channels are used according to their protocol (fidelity), that processes do not get stuck (deadlock freedom), that pending communications are eventually completed (livelock freedom), that sessions eventually end (termination). It is possible to trace a close correspondence between session types and propositions of linear logic, and between the typing rules of a session type system and the proof rules of linear logic [Wadler14, CairesPfenningToninho16, LindleyMorris16]. This correspondence provides session type theories with a solid logical foundation and enables the application of known results concerning linear logic proofs into the domain of communicating protocols. One notable example is cut elimination: the fact that every linear logic proof can be reduced to a form that does not make use of the cut rule means that the process described by the proof can be reduced to a form in which no pending communication is present, provided that there is a good correspondence between cut reductions in proofs and reductions in processes.

The development of session type systems based on linear logic also poses some challenges with respect to their ability to cope with “real-world” scenarios. An example, which is the focus of this work, is the modeling of the interactions between a pool of clients and a single server. By definition, a server is a process that can handle an unbounded number of requests made by clients. In a session type system based on linear logic, it is natural to associate the channel from which a server accepts client requests with a type of the form $!T$ , indicating the unlimited availability of a service with type $T$ . In fact, it was observed early on [GirardLafont87] that the meaning of the “of course” modality $!T$ could be informally expressed by the equation

!T\cong\mathbf{1}\mathbin{\binampersand}T\mathbin{\binampersand}(!T\mathbin{\otimes}!T)

which could be read “as many copies of $T$ as the clients require”. While appealing from a theoretical point of view, the association between the concept of server and the “of course” modality is both unrealistic and imprecise. First of all, it models the “unlimited” availability of the server by means of unlimited parallel copies of the server, each copy dealing with a single request, rather than by a single process that is capable of handling an unlimited number of requests sequentially. Second, it fails to capture the fact that each connection between a client and the server may alter the server’s internal state, in such a way that different connections may potentially affect each other.

These considerations have led Qian et al. [QianKavvosBirkedal21] to develop CSLL (for “Client-Server Linear Logic”), a session type system based on linear logic which includes the coexponential modalities $\text{?`}T$ and $\text{!`}T$ whose meaning can be (informally) expressed by the equations

\text{?`}T\cong\mathbf{1}\mathbin{\oplus}T\mathbin{\oplus}(\text{?`}T\mathbin{\otimes}\text{?`}T)\text{\qquad and\qquad}\text{!`}T\cong\bot\mathbin{\binampersand}T\mathbin{\binampersand}(\text{!`}T\mathbin{\bindnasrepma}\text{!`}T)

(1)

according to which a server that behaves as $\text{!`}T$ offers $T$ as many times as necessary to satisfy all client requests, but it does so sequentially and in some (unspecified) order. Qian et al. [QianKavvosBirkedal21] show that well-typed CSLL processes are deadlock free, but they leave a proof of termination to future work conjecturing that it could be quite involved. A proof of this property is valuable since termination (combined with deadlock freedom) implies livelock freedom.

In this paper we attack the problem of establishing a termination result for CSLL. Instead of providing an ad hoc proof, we attempt to reduce the termination problem for CSLL to the cut elimination property of a known logical system. To this aim, we propose a variation of CSLL called $\textsf{CSLL}^{\infty}$ that is in close relationship with $\mu\textsf{MALL}^{\infty}$ [BaeldeDoumaneSaurin16, Doumane17, BaeldeEtAl22], the infinitary proof theory of multiplicative-additive linear logic with least and greatest fixed points. The basic idea is to encode the coexponentials in $\textsf{CSLL}^{\infty}$ ’s type system as fixed points in $\mu\textsf{MALL}^{\infty}$ following their expected meaning (Equation 1). At this point, the cut elimination property of $\mu\textsf{MALL}^{\infty}$ should allow us to deduce that well-typed $\textsf{CSLL}^{\infty}$ processes do not admit infinite reduction sequences. As it turns out, we are unable to follow this plan of action in full. The problem is that some reductions in $\textsf{CSLL}^{\infty}$ do not correspond to cut reduction steps in $\mu\textsf{MALL}^{\infty}$ . More specifically, even though clients are queued into client pools, they should be able to reduce in any order, independently of their position in the queue. This independent reduction of the clients in the same pool is not matched by the sequence of cut reduction steps that are performed in the cut elimination proof of $\mu\textsf{MALL}^{\infty}$ . Still, the cut elimination property of $\mu\textsf{MALL}^{\infty}$ allows us to prove a useful result, namely that every well-typed $\textsf{CSLL}^{\infty}$ process is fairly terminating. Fair termination [GrumbergFrancezKatz84, Francez86] is weaker than termination since it does not rule out the existence of infinite reduction sequences. However, it guarantees that every fair and maximal reduction sequence of a well-typed $\textsf{CSLL}^{\infty}$ process is finite, under a suitable fairness assumption. In particular, fair termination is strong enough (when combined with deadlock freedom) to guarantee livelock freedom.

The adoption of $\mu\textsf{MALL}^{\infty}$ as logical foundation for $\textsf{CSLL}^{\infty}$ has another advantage. In the original presentation of CSLL [QianKavvosBirkedal21] the process calculus is equipped with an unconventional operational semantics whereby reductions can occur underneath prefixes and prefixes may be moved around crossing restrictions, parallel compositions and other (unrelated) prefixes. This semantics is justified to keep the process reduction rules and the cut reduction rules sufficiently aligned, so that the cut elimination property in the logic can be reflected to some valuable property in the calculus, such as deadlock freedom. In contrast, $\textsf{CSLL}^{\infty}$ features an entirely conventional reduction semantics. We can afford to do so because $\mu\textsf{MALL}^{\infty}$ is an infinitary proof system in which the cut elimination property is proved bottom-up by reducing outermost cuts first. This reduction strategy matches the ordinary reduction semantics of any process calculus in which reductions happen at the outermost levels of processes. In the end, since the reduction semantics of $\textsf{CSLL}^{\infty}$ is stricter than that of CSLL, the deadlock freedom and the fair termination results we prove for $\textsf{CSLL}^{\infty}$ are somewhat stronger than their counterparts in the context of CSLL.

Structure of the paper.

Section 2 describes syntax and semantics of $\textsf{CSLL}^{\infty}$ and defines the notion of fairly terminating process. We develop the type system for $\textsf{CSLL}^{\infty}$ in Section 3. In Section 4 we recall the key elements of $\mu\textsf{MALL}^{\infty}$ , before addressing the proof that well-typed $\textsf{CSLL}^{\infty}$ processes fairly terminate in Section 5. LABEL:sec:example revisits an example of non-deterministic server given by Qian et al. [QianKavvosBirkedal21] in our setting. We summarize our results and further compare $\textsf{CSLL}^{\infty}$ with CSLL [QianKavvosBirkedal21] and other related work in LABEL:sec:conclusion. Some proofs and definitions have been moved into LABEL:sec:extra-types.

2 Syntax and Semantics of $\textsf{CSLL}^{\infty}$

Table 1: Syntax of

\textsf{CSLL}^{\infty}

$\displaystyle\begin{array}[t]{@{}r@{~}c@{~}ll@{}}P,Q\leavevmode\nobreak\ &::=\hfil\leavevmode\nobreak\ &\mathsf{A}\langle\overline{x}\rangle&\text{invocation}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\mathsf{\color[rgb]{0,0,1}fail}\,x&\text{failure}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\mathsf{\color[rgb]{0,0,1}wait}\,x.P&\text{wait}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &x(y).P&\text{input}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\mathsf{\color[rgb]{0,0,1}case}\,{x}\{P,Q\}&\text{branch}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\text{!`}x(y)\{P,Q\}&\text{server}\end{array}\leavevmode\nobreak\ \begin{array}[t]{@{}r@{~}c@{~}lll@{}}\leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &(x)(P\mathbin{|}Q)&\text{parallel composition}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\text{?`}x[]&\text{empty pool}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\mathsf{\color[rgb]{0,0,1}close}\,x&\text{close}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &x[y](P\mathbin{|}Q)&\text{output}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\mathsf{\color[rgb]{0,.5,.5}in}_{i}\,x.P&\text{select}&i\in\{1,2\}\\ \leavevmode\nobreak\ &|\hfil\leavevmode\nobreak\ &\text{?`}x[y].P\mathrel{::}{Q}&\text{client pool}\end{array}$

In this section we define syntax and semantics of $\textsf{CSLL}^{\infty}$ , a calculus of sessions in which servers handle client requests sequentially. The syntax of $\textsf{CSLL}^{\infty}$ makes use of an infinite set $\mathcal{V}$ of channels ranged over by $x$ , $y$ and $z$ and a set $\mathcal{P}$ of process names ranged over by $\mathsf{A}$ , $\mathsf{B}$ , and so on. In $\textsf{CSLL}^{\infty}$ channels are of two kinds (which will be distinguished by their type): session channels connect two communicating processes; shared channels connect an unbounded number of clients with a single server. The structure of terms is given by the grammar in Table 1 and their meaning is informally described below. The term $(x)(P\mathbin{|}Q)$ represents the parallel composition of $P$ and $Q$ connected by the restricted channel $x$ , which can be either a session channel or a shared channel. The term $\mathsf{\color[rgb]{0,0,1}fail}\,x$ represents a process that signals a failure on channel $x$ . The term $\mathsf{\color[rgb]{0,0,1}close}\,x$ models the closing of a session, whereas $\mathsf{\color[rgb]{0,0,1}wait}\,x.P$ models a process that waits for $x$ to be closed and then continues as $P$ . The term $x[y](P\mathbin{|}Q)$ models a process that creates a new channel $y$ , sends $y$ over $x$ , uses $y$ as specified by $P$ and $x$ as specified by $Q$ . The term $x(y).P$ models a process that receives a channel $y$ from $x$ and then behaves as $P$ . The term $\mathsf{\color[rgb]{0,.5,.5}in}_{i}\,x.P$ models a process that sends the label $\mathsf{\color[rgb]{0,.5,.5}in}_{i}$ over $x$ and then behaves as $P$ . In this work we only consider two labels $\mathsf{\color[rgb]{0,.5,.5}in}_{1}$ and $\mathsf{\color[rgb]{0,.5,.5}in}_{2}$ , although it is common to allow for an arbitrary set of atomic labels. Dually, the term $\mathsf{\color[rgb]{0,0,1}case}\,{x}\{P_{1},P_{2}\}$ models a process that waits for a label $\mathsf{\color[rgb]{0,.5,.5}in}_{i}$ from $x$ and then behaves according to $P_{i}$ . The term $\text{?`}x[]$ models the empty pool of clients connecting with a server on the shared channel $x$ , whereas the term $\text{?`}x[y].P\mathrel{::}Q$ models a client pool consisting of a client that connects with a server on channel $x$ and behaves as $P$ and another client pool $Q$ . Occasionally we write $\text{?`}x[y].P$ instead of $\text{?`}x[y].P\mathrel{::}\text{?`}x[]$ . The term $\text{!`}x(y)\{P,Q\}$ models a server that waits for connections on the shared channel $x$ . If a new connection $y$ is established, the server continues as $P$ . If no clients are left connecting on $x$ , the service on $x$ is terminated and the process continues as $Q$ . Finally, a term $\mathsf{A}\langle\overline{x}\rangle$ represents the invocation of the process named $\mathsf{A}$ with arguments $\overline{x}$ . We assume that each process name is associated with a unique global definition of the form $\mathsf{A}(\overline{x})\triangleq P$ . The notation $\overline{e}$ is used throughout the paper to represent possibly empty sequences $e_{1},\dots,e_{n}$ of various entities.

The notions of free and bound names are defined in the expected way. Note that the output operations $x[y](P\mathbin{|}Q)$ and $\text{?`}x[y].P\mathrel{::}Q$ bind $y$ in $P$ but not in $Q$ . We write $\mathsf{fn}(P)$ and $\mathsf{bn}(P)$ for the sets of free and bound names in $P$ , we identify processes up to renaming of bound channel names and we require $\mathsf{fn}(P)=\{\overline{x}\}$ for each global definition $\mathsf{A}(\overline{x})\triangleq P$ .

Table 2: Structrual pre-congruence and reduction semantics of

\textsf{CSLL}^{\infty}

\begin{array}[]{@{}rll@{}}\hypertarget{rule:s-par-comm}{\textnormal{{\small[s-par-comm]}}}&(x)(P\mathbin{|}Q)\preccurlyeq(x)(Q\mathbin{|}P)\\ \hypertarget{rule:s-pool-comm}{\textnormal{{\small[s-pool-comm]}}}&\lx@intercol\text{?`}x[y].P\mathrel{::}\text{?`}u[v].Q\mathrel{::}R\preccurlyeq\text{?`}u[v].Q\mathrel{::}\text{?`}x[y].P\mathrel{::}R\hfil\\ \hypertarget{rule:s-par-assoc}{\textnormal{{\small[s-par-assoc]}}}&(x)(P\mathbin{|}(y)(Q\mathbin{|}R))\preccurlyeq(y)((x)(P\mathbin{|}Q)\mathbin{|}R)&x\in\mathsf{fn}(Q)\setminus\mathsf{fn}(R),y\not\in\mathsf{fn}(P)\\ \hypertarget{rule:s-pool-par}{\textnormal{{\small[s-pool-par]}}}&\text{?`}x[y].P\mathrel{::}(z)(Q\mathbin{|}R)\preccurlyeq(z)(\text{?`}x[y].P\mathrel{::}Q\mathbin{|}R)&x\in\mathsf{fn}(Q),z\not\in\mathsf{fn}(\text{?`}x[y].P)\\ \hypertarget{rule:s-par-pool}{\textnormal{{\small[s-par-pool]}}}&(z)(\text{?`}x[y].P\mathrel{::}Q\mathbin{|}R)\preccurlyeq\text{?`}x[y].P\mathrel{::}(z)(Q\mathbin{|}R)&z\not\in\mathsf{fn}(\text{?`}x[y].P)\\ \hypertarget{rule:s-call}{\textnormal{{\small[s-call]}}}&\mathsf{A}\langle\overline{x}\rangle\preccurlyeq P&\mathsf{A}(\overline{x})\triangleq P\\ \\ \hypertarget{rule:r-close}{\textnormal{{\small[r-close]}}}&(x)(\mathsf{\color[rgb]{0,0,1}close}\,x\mathbin{|}\mathsf{\color[rgb]{0,0,1}wait}\,x.P)\rightarrow P\\ \hypertarget{rule:r-comm}{\textnormal{{\small[r-comm]}}}&\lx@intercol(x)(x[y](P\mathbin{|}Q)\mathbin{|}x(y).R)\rightarrow(y)(P\mathbin{|}(x)(Q\mathbin{|}R))\hfil\\ \hypertarget{rule:r-case}{\textnormal{{\small[r-case]}}}&(x)(\mathsf{\color[rgb]{0,.5,.5}in}_{i}\,x.P\mathbin{|}\mathsf{\color[rgb]{0,0,1}case}\,{x}\{Q_{1},Q_{2}\})\rightarrow(x)(P\mathbin{|}Q_{i})\\ \hypertarget{rule:r-done}{\textnormal{{\small[r-done]}}}&(x)(\text{?`}x[]\mathbin{|}\text{!`}x(y)\{P,Q\})\rightarrow Q\\ \hypertarget{rule:r-connect}{\textnormal{{\small[r-connect]}}}&\lx@intercol(x)(\text{?`}x[y].P\mathrel{::}Q\mathbin{|}\text{!`}x(y)\{R_{1},R_{2}\})\rightarrow(y)(P\mathbin{|}(x)(Q\mathbin{|}R_{1}))\hfil\\ \hypertarget{rule:r-par}{\textnormal{{\small[r-par]}}}&(x)(P\mathbin{|}R)\rightarrow(x)(Q\mathbin{|}R)&P\rightarrow Q\\ \hypertarget{rule:r-pool}{\textnormal{{\small[r-pool]}}}&\text{?`}x[y].R\mathrel{::}P\rightarrow\text{?`}x[y].R\mathrel{::}Q&P\rightarrow Q\\ \hypertarget{rule:r-struct}{\textnormal{{\small[r-struct]}}}&P\rightarrow Q&P\preccurlyeq P^{\prime}\rightarrow Q^{\prime}\preccurlyeq Q\end{array}

The operational semantics of $\textsf{CSLL}^{\infty}$ is given by a structural precongruence relation $\preccurlyeq$ and a reduction relation $\rightarrow$ , both defined in Table 2 and described below. Rules [s-par-comm] and [s-pool-comm] state the expected commutativity of parallel and pool compositions. In particular, [s-pool-comm] allows clients in the same queue to swap positions, modeling the fact that the order in which they connect to the server is not deterministic. Rule [s-par-assoc] models the associativity of parallel composition. The side conditions make sure that no channel is captured ( $y\not\in\mathsf{fn}(P)$ ) or left dangling ( $x\not\in\mathsf{fn}(R)$ ) and that parallel processes remain connected ( $x\in\mathsf{fn}(Q)$ ). The rules [s-pool-par] and [s-par-pool] deal with the mixed associativity between parallel and pool compositions. The side conditions ensure that no bound name leaves its scope and that parallel processes remain connected. Finally, [s-call] unfolds a process invocation to its definition.

Concerning the reduction relation, rule [r-close] models the closing of a session, rule [r-comm] models the exchange of a channel and [r-case] that of a label. Rule [r-connect] models the connection of a client with a server, whereas [r-done] deals with the case in which there are no clients left. Finally, [r-par] and [r-pool] close reductions under parallel compositions and client pools whereas [r-struct] allows reductions up to structural pre-congruence.

Hereafter we write $\Rightarrow$ for the reflexive, transitive closure of $\rightarrow$ , we write $P\rightarrow$ if $P\rightarrow Q$ for some $Q$ and $P\arrownot\rightarrow$ if not $P\rightarrow$ . Later on we will also use a restriction of $\textsf{CSLL}^{\infty}$ dubbed $\textsf{CSLL}^{\infty}_{\textsf{det}}$ whose reduction relation, denoted by $\rightarrow_{\textsf{det}}$ , is obtained by removing the rules [s-pool-comm], [s-pool-par], [s-par-pool] and [r-pool] (all those with “pool” in their name) from $\rightarrow$ . In essence, $\textsf{CSLL}^{\infty}_{\textsf{det}}$ is a more deterministic version of $\textsf{CSLL}^{\infty}$ in which clients are forced to connect and reduce in the order in which they appear in client pools. Also, clients are no longer allowed to cross restricted channels.

Example 2.1.

We illustrate the features of $\textsf{CSLL}^{\infty}$ by modeling a pool of clients that compete to access a shared resource, represented as a simple lock. When one client manages to acquire the lock, meaning that it has gained access to the resource, it prevents other clients from accessing the resource until the resource is released. We model the lock with this definition:

\textsf{Lock}(x,z)\triangleq\text{!`}x(y)\{\mathsf{\color[rgb]{0,0,1}wait}\,y.\textsf{Lock}\langle x,z\rangle,\mathsf{\color[rgb]{0,0,1}close}\,z\}

The lock is a server waiting for connections on the shared channel $x$ , whereas each user is a client of the lock connecting on $x$ . When a connection is established, the server waits until the resource is released, which is signalled by the termination of the session $y$ , and then makes itself available again to handle further requests.

The following process models the concurrent access to the lock by two clients:

(x)(\text{?`}x[u].\mathsf{\color[rgb]{0,0,1}close}\,u\mathrel{::}\text{?`}x[v].\mathsf{\color[rgb]{0,0,1}close}\,v\mathrel{::}\text{?`}x[]\mathbin{|}\textsf{Lock}\langle x,z\rangle)

The order in which requests are handled by Lock is non-deterministic because of [s-pool-comm]. In this oversimplified example the users are indistinguishable and so non-determinism does not prevent the system to be confluent. In LABEL:sec:example we will see a more interesting example in which confluence is lost. This kind of interaction is typeable in $\textsf{CSLL}^{\infty}$ thanks to coexponentials, which enable the concurrent access to a shared resource. \lipicsEnd

We conclude this section by defining various termination properties of interest. A run of $P$ is a (finite or infinite) sequence $(P_{0},P_{1},\dots)$ of processes such that $P=P_{0}$ and $P_{i}\rightarrow P_{i+1}$ whenever $P_{i+1}$ is a term in the sequence. A run is maximal if it is infinite or if it is finite and its last term (say $Q$ ) cannot reduce any further (that is, $Q\arrownot\rightarrow$ ). We say that $P$ is terminating if every maximal run of $P$ is finite. We say that $P$ is weakly terminating if $P$ has a maximal finite run. A run of $P$ is fair if it contains finitely many weakly terminating processes. We say that $P$ is fairly terminating if every fair run of $P$ is finite.

A fundamental property of any fairness notion is the fact that every finite run of a process should be extendable to a maximal fair one. This property, called feasibility [AptFrancezKatz87] or machine closure [Lamport00], holds for our fairness notion and follows immediately from the next proposition.

Proposition 2.2.

Every process has at least one maximal fair run.

Proof 2.3.

For an arbitrary process $P$ there are two possibilities. If $P$ is weakly terminating, then there exists $Q$ such that $P\Rightarrow Q\arrownot\rightarrow$ . From this sequence of reductions we obtain a maximal run of $P$ that is fair since it is finite. If $P$ is not weakly terminating, then $P\rightarrow$ and $P\Rightarrow Q$ implies that $Q$ is not weakly terminating. In this case we can build an infinite run of $P$ which is fair since it does not go through any weakly terminating process.

The given notion of fair termination admits an alternative characterization that does not refer to fair runs. This characterization provides us with the key proof principle to show that well-typed $\textsf{CSLL}^{\infty}$ processes fairly terminate (Section 5).

Theorem 2.4.

$P$ is fairly terminating iff $P\Rightarrow Q$ implies that $Q$ is weakly terminating.

Proof 2.5.

( $\Leftarrow$ ) Suppose by contradiction that $(P_{0},P_{1},\dots)$ is an infinite fair run of $P$ and note that $P\Rightarrow P_{i}$ for every $i$ . From the hypothesis we deduce that every $P_{i}$ is weakly terminating. Then the run contains infinitely many weakly terminating processes, which is absurd by definition of fair run. ( $\Rightarrow$ ) Suppose that $P\Rightarrow Q$ . Then there is a finite run of $P$ that ends in $Q$ . By Proposition 2.2 there is a maximal fair run of $Q$ . By concatenating these two runs we obtain a maximal fair run of $P$ that contains $Q$ . From the hypothesis we deduce that this run is finite. Since $Q$ occurs in this run, we conclude that $Q$ is weakly terminating.

3 Type System

In this section we develop the type system of $\textsf{CSLL}^{\infty}$ . Types are defined thus:

\textbf{Type}\qquad T,S::=\bot\mid\mathbf{1}\mid\top\mid\mathbf{0}\mid T\mathbin{\bindnasrepma}S\mid T\mathbin{\otimes}S\mid T\mathbin{\binampersand}S\mid T\mathbin{\oplus}S\mid\text{!`}T\mid\text{?`}T

Types extend the usual constants and connectives of multiplicative-additive linear logic with the coexponentials $\text{!`}T$ and $\text{?`}T$ and, in the context of $\textsf{CSLL}^{\infty}$ , they describe how channels are used by processes. Positive types indicate output operations whereas negative types indicate input operations. In particular: $\mathbf{1}$ / $\bot$ describe a session channel used for sending/receiving a session termination signal; $\mathbf{0}$ / $\top$ describe a session channel used for sending/receiving an impossible (empty) message; $T\mathbin{\otimes}S$ / $T\mathbin{\bindnasrepma}S$ describe a session channel used for sending/receiving a channel of type $T$ and then according to $S$ ; $T_{1}\mathbin{\oplus}T_{2}$ / $T_{1}\mathbin{\binampersand}T_{2}$ describe a session channel used for sending/receiving a label $\mathsf{\color[rgb]{0,.5,.5}in}_{i}$ and then according to $T_{i}$ ; finally, $\text{?`}T$ / $\text{!`}T$ describe a shared channel used for sending/receiving a connection message establishing a session of type $T$ . Each type $T$ has a dual $T^{\bot}$ obtained in the expected way. For example, we have $(\mathbf{1}\mathbin{\oplus}T)^{\bot}=\bot\mathbin{\binampersand}T^{\bot}$ and $(\text{!`}T)^{\bot}=\text{?`}T^{\bot}$ .

Table 3: Typing rules for

\textsf{CSLL}^{\infty}

{mathpar}\inferrule

[[call]] P ⊢ ¯x : T A⟨¯x⟩ ⊢ ¯x : T A(¯x)≜P \inferrule[[cut]] P ⊢ Γ, x : T
Q ⊢ Δ, x : T^⊥ (x)(P|Q) ⊢ Γ, Δ \inferrule[[ $\top$ ]] fail x ⊢ Γ, x : ⊤ \inferrule[[ $\bot$ ]] Γ ⊢ P Γ, x : ⊥ ⊢ wait x.P \inferrule[[ $\mathbf{1}$ ]] close x ⊢ x : 1 \inferrule[[ $\mathbin{\bindnasrepma}$ ]] P ⊢ Γ, y : T, x : S x(y).P ⊢ Γ, x : T⅋S \inferrule[[ $\mathbin{\otimes}$ ]] P ⊢ Γ, y : T
Q ⊢ Δ, x : S x[y](P|Q) ⊢ Γ, Δ, x : T⊗S \inferrule[[ $\mathbin{\binampersand}$ ]] P ⊢ Γ, x : T
Q ⊢ Γ, x : S case x{P,Q} ⊢ Γ, x : T&S \inferrule[[ $\mathbin{\oplus}$ ]] P ⊢ Γ, x : T_i in_i x.P ⊢ Γ, x : T_1 ⊕T_2 \inferrule[[server]] P ⊢ Γ, x : ¡T, y : T
Q ⊢ Γ ¡x(y){P,Q} ⊢ Γ, x : ¡T \inferrule[[client]] P ⊢ Γ, y : T
Q ⊢ Δ, x : ¿T ¿x[y].P ::Q ⊢ Γ, Δ, x : ¿T \inferrule[[done]] ¿x[] ⊢ x : ¿T

The typing rules for $\textsf{CSLL}^{\infty}$ are shown in Table 3. Typing judgments have the form $P\vdash\Upgamma$ and relate a process $P$ with a context $\Upgamma$ . Contexts are finite maps from channel names to types written as $\overline{x:T}$ . We let $\Upgamma$ and $\Updelta$ range over contexts, we write $\emptyset$ for the empty context, we write $\mathsf{dom}(\Upgamma)$ for the domain of $\Upgamma$ , namely for the set of channel names for which there is an association in $\Upgamma$ , and we write $\Upgamma,\Updelta$ for the union of $\Upgamma$ and $\Updelta$ when $\mathsf{dom}(\Upgamma)\cap\mathsf{dom}(\Updelta)=\emptyset$ .

For the most part, the typing rules coincide with those of a standard session type system based on linear logic [Wadler14, LindleyMorris16]. In particular, [cut], [ $\top$ ], [ $\bot$ ], [ $\mathbf{1}$ ], [ $\mathbin{\bindnasrepma}$ ], [ $\mathbin{\otimes}$ ], [ $\mathbin{\binampersand}$ ] and [ $\mathbin{\oplus}$ ] relate the standard proof rules of multiplicative-additive classical linear logic with the corresponding forms of $\textsf{CSLL}^{\infty}$ . The rule [call] deals with process invocations $\mathsf{A}\langle\overline{x}\rangle$ by unfolding the global definition of $\mathsf{A}$ , noted as side condition to the rule. Rule [server] deals with servers $\text{!`}x(y)\{P,Q\}$ . The continuation $P$ , which is the actual handler of incoming connections, must be well typed in a context enriched with the channel $y$ resulting from the connection. Note that $x$ is still present in the context and with the same type, meaning that $P$ must also be able to handle any further connection on the shared channel $x$ . The continuation $Q$ , which models the behavior of the server once no more clients are connecting on $x$ , is not supposed to use $x$ any longer. Rule [client] deals with non-empty client pools $\text{?`}x[y].P\mathrel{::}Q$ . The client $P$ is connecting with a server through a shared channel $x$ and establishes a session $y$ . The rest of the pool $Q$ is using $x$ in the same way. Rule [done] deals with the empty pool of clients connecting on $x$ .

The typing rules are interpreted coinductively. Therefore, a judgment $P\vdash\Upgamma$ is derivable if there is a possibly infinite typing derivation for it. The need for infinite typing derivations stems from the fact that we type process invocations by “unfolding” them to the process they represent, so this unfolding may go on forever in the case of recursive processes.

Example 3.1.

Let us consider once again the process definitions in Example 2.1. We derive

{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 45.04163pt\hbox{$\displaystyle\penalty 1\smash{\vdots}$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=97.58325pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\textsf{Lock}\langle x,z\rangle\vdash x:\text{!`}\bot,z:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=150.3021pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\bot$]}}$}}}\hbox{\kern 0.6812pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}wait}\,y.\textsf{Lock}\langle x,z\rangle\vdash x:\text{!`}\bot,y:\bot,z:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 27.3402pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=54.68039pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\mathbf{1}$]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}close}\,z\vdash z:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=294.92017pt\hbox{\kern 3.00003pt$\textnormal{{\small[server]}}$}}}\hbox{\kern 52.28183pt\hbox{$\displaystyle\text{!`}x(y)\{\mathsf{\color[rgb]{0,0,1}wait}\,y.\textsf{Lock}\langle x,z\rangle,\mathsf{\color[rgb]{0,0,1}close}\,z\}\vdash x:\text{!`}\bot,z:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=357.21124pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 129.814pt\hbox{$\displaystyle\textsf{Lock}\langle x,z\rangle\vdash x:\text{!`}\bot,z:\mathbf{1}$}}}}

showing that Lock is well typed. Note that the typing derivation is infinite since Lock is a recursive process. We can now obtain the following typing derivation

{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 27.97447pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=55.94894pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\mathbf{1}$]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}close}\,u\vdash u:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 27.4559pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=54.9118pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\mathbf{1}$]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}close}\,v\vdash v:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 27.1041pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=54.20819pt\hbox{\kern 3.00003pt$\textnormal{{\small[done]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\text{?`}x[]\vdash x:\text{?`}\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=210.55771pt\hbox{\kern 3.00003pt$\textnormal{{\small[client]}}$}}}\hbox{\kern 49.66663pt\hbox{$\displaystyle\text{?`}x[v].\mathsf{\color[rgb]{0,0,1}close}\,v\mathrel{::}\text{?`}x[]\vdash x:\text{?`}\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=370.66655pt\hbox{\kern 3.00003pt$\textnormal{{\small[client]}}$}}}\hbox{\kern 97.91661pt\hbox{$\displaystyle\text{?`}x[u].\mathsf{\color[rgb]{0,0,1}close}\,u\mathrel{::}\text{?`}x[v].\mathsf{\color[rgb]{0,0,1}close}\,v\mathrel{::}\text{?`}x[]\vdash x:\text{?`}\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 45.04163pt\hbox{$\displaystyle\penalty 1\smash{\vdots}$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=97.58325pt\hbox{}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\textsf{Lock}\langle x,z\rangle\vdash x:\text{!`}\bot,z:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=436.1076pt\hbox{\kern 3.00003pt$\textnormal{{\small[cut]}}$}}}\hbox{\kern 100.67528pt\hbox{$\displaystyle(x)(\text{?`}x[u].\mathsf{\color[rgb]{0,0,1}close}\,u\mathrel{::}\text{?`}x[v].\mathsf{\color[rgb]{0,0,1}close}\,v\mathrel{::}\text{?`}x[]\mathbin{|}\textsf{Lock}\langle x,z\rangle)\vdash z:\mathbf{1}$}}}}

showing that the system as a whole is well typed. \lipicsEnd

Adopting an infinitary type system will make it easy to relate $\textsf{CSLL}^{\infty}$ with $\mu\textsf{MALL}^{\infty}$ (Section 5). However, we must be careful in that some infinite typing derivations allow us to type processes that are not weakly terminating, as illustrated in the next example.

Example 3.2 (non-terminating process).

Consider the process $\Omega\triangleq(x)(\mathsf{\color[rgb]{0,0,1}close}\,x\mathbin{|}\mathsf{\color[rgb]{0,0,1}wait}\,x.\Omega)$ which creates a session $x$ , immediately closes it and then repeats the same behavior. Clearly, this process is not weakly terminating because it can only reduce thus:

\Omega\preccurlyeq(x)(\mathsf{\color[rgb]{0,0,1}close}\,x\mathbin{|}\mathsf{\color[rgb]{0,0,1}wait}\,x.\Omega)\rightarrow\Omega\preccurlyeq(x)(\mathsf{\color[rgb]{0,0,1}close}\,x\mathbin{|}\mathsf{\color[rgb]{0,0,1}wait}\,x.\Omega)\rightarrow\cdots

Nonetheless, we are able to find the following (infinite) typing derivation for $\Omega$ .

{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 27.96516pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=55.93033pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\mathbf{1}$]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}close}\,x\vdash x:\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 8.19438pt\hbox{$\displaystyle\penalty 1\smash{\vdots}\mathstrut$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=23.88876pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\Omega\vdash\emptyset$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=76.6076pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\bot$]}}$}}}\hbox{\kern 4.11641pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}wait}\,x.\Omega\vdash x:\bot$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=222.47562pt\hbox{\kern 3.00003pt$\textnormal{{\small[cut]}}$}}}\hbox{\kern 58.05385pt\hbox{$\displaystyle(x)(\mathsf{\color[rgb]{0,0,1}close}\,x\mathbin{|}\mathsf{\color[rgb]{0,0,1}wait}\,x.\Omega)\vdash\emptyset$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=274.19446pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 125.15285pt\hbox{$\displaystyle\Omega\vdash\emptyset$}}}}

Since we aim at ensuring fair termination for well-typed processes, we must consider this derivation as invalid. \lipicsEnd

In order to rule out processes like $\Omega$ in Example 3.2, we identify a class of valid typing derivations as follows.

Definition 3.3 (valid typing derivation).

A typing derivation is valid if every infinite branch in it goes through infinitely many applications of the rule [server] concerning the same channel.

This validity condition requires that every infinite branch of a typing derivation describes the behavior of a server willing to accept an unbounded number of connection requests. If we look back at the infinite typing derivation for the Lock process in Example 3.1, we see that it is valid according to Definition 3.3 since the only infinite branch in it goes through infinitely many applications of the rule [server] concerning the very same shared channel $x$ . On the contrary, the typing derivation in Example 3.2 is invalid since the infinite branch in it does not go through any application of [server].

The fact that every infinite branch must go through infinitely many applications of [server] concerning the very same shared channel is a subtle point. Without the specification that it is the same shared channel to be found infinitely often, it would be possible to obtain invalid typing derivations as illustrated by the next example.

Example 3.4.

Consider the definition

\Omega\textsf{-Server}(x)\triangleq\text{!`}x(y)\{\mathsf{\color[rgb]{0,0,1}wait}\,y.\Omega\textsf{-Server}\langle x\rangle,(z)(\text{?`}z[]\mathbin{|}\Omega\textsf{-Server}\langle z\rangle)\}

describing a server that waits for connections on the shared channel $x$ . After each request, the server makes itself available again for handling more requests by the recursive invocation $\Omega\textsf{-Server}\langle x\rangle$ . Once all requests have been processed, the server creates a new shared channel on which an analogous server operates. Using the typing rules in Table 3 we are able to find the following typing derivation:

{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 0.15213pt\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 38.6597pt\hbox{$\displaystyle\penalty 1\smash{\vdots}\mathstrut$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=84.8194pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\Omega\textsf{-Server}\langle x\rangle\vdash x:\text{!`}\bot$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=137.8425pt\hbox{\kern 3.00003pt$\textnormal{{\small[$\bot$]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\mathsf{\color[rgb]{0,0,1}wait}\,y.\Omega\textsf{-Server}\langle x\rangle\vdash x:\text{!`}\bot,y:\bot$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{$\displaystyle\penalty 1\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 26.47913pt\hbox{$\displaystyle\penalty 1$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=52.95825pt\hbox{\kern 3.00003pt$\textnormal{{\small[done]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\text{?`}z[]\vdash z:\text{?`}\mathbf{1}$}}}}\hskip 5.0pt plus 1.0fil\penalty 2\hskip 5.0pt plus 1.0fil{tensy\vbox{\hbox spread0.0pt{\hskip 0.0pt plus 0.0001fil\hbox{\kern 38.03473pt\hbox{$\displaystyle\penalty 1\smash{\vdots}$}}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=83.56946pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 0.0pt\hbox{$\displaystyle\Omega\textsf{-Server}\langle z\rangle\vdash z:\text{!`}\bot$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=246.96542pt\hbox{\kern 3.00003pt$\textnormal{{\small[cut]}}$}}}\hbox{\kern 69.01392pt\hbox{$\displaystyle(z)(\text{?`}z[]\mathbin{|}\Omega\textsf{-Server}\langle z\rangle)\vdash\emptyset$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=477.7456pt\hbox{\kern 3.00003pt$\textnormal{{\small[server]}}$}}}\hbox{\kern 115.95834pt\hbox{$\displaystyle\text{!`}x(y)\{\mathsf{\color[rgb]{0,0,1}wait}\,y.\Omega\textsf{-Server}\langle x\rangle,(z)(\text{?`}z[]\mathbin{|}\Omega\textsf{-Server}\langle z\rangle)\}\vdash x:\text{!`}\bot$}}}}\hskip 5.0pt plus 1.0fil\penalty 2$}\hskip 0.0pt plus 0.0001fil}\hbox{\hbox{\kern 0.0pt\vrule height=0.25002pt,depth=0.25002pt,width=506.96443pt\hbox{\kern 3.00003pt$\textnormal{{\small[call]}}$}}}\hbox{\kern 211.07251pt\hbox{$\displaystyle\Omega\textsf{-Server}\langle x\rangle\vdash x:\text{!`}\bot$}}}}

Notice that the derivation bifurcates in correspondence of the application of [server] and also that each sub-tree is infinite, since it contains an unfolding of the $\Omega\textsf{-Server}$ process. For this reason, the derivation contains (infinitely) many infinite branches, which are obtained by either “going left” or “going right” each time [server] is encountered. Each of these infinite branches goes through an application of [server] infinitely many times, as requested by Definition 3.3. Also, any such branch that “goes right” finitely many times eventually ends up going through infinitely many applications of [server] that concern the same channel. In contrast, any branch that “goes right” infinitely many times keeps going through applications of [server] concerning new shared channels created in correspondence of the application of [cut]. In conclusion, this typing derivation is invalid and rightly so, or else the diverging process $(x)(\text{?`}x[]\mathbin{|}\Omega\textsf{-Server}\langle x\rangle)$ would be well typed in the empty context. \lipicsEnd

We conclude this section by stating two key properties of the type system, starting from the fact that typing is preserved by structural pre-congruence and reductions.

Theorem 3.5.

Let $P\mathrel{\mathcal{R}}Q$ where ${\mathrel{\mathcal{R}}}\in\{{\preccurlyeq},{\rightarrow}\}$ . Then $P\vdash\Upgamma$ implies $Q\vdash\Upgamma$ .

Also, processes that are well typed in a context of the form $x:\mathbf{1}$ are deadlock free.

Theorem 3.6 (deadlock freedom).

If $P\vdash x:\mathbf{1}$ then either $P\preccurlyeq\mathsf{\color[rgb]{0,0,1}close}\,x$ or $P\rightarrow_{\textsf{det}}$ .

Note that Theorem 3.6 uses $\rightarrow_{\textsf{det}}$ instead of $\rightarrow$ in order to state that $P$ is able to reduce if it is not (structurally pre-congruent to) $\mathsf{\color[rgb]{0,0,1}close}\,x$ . Recalling that ${\rightarrow_{\textsf{det}}}\subseteq{\rightarrow}$ , the deadlock freedom property ensured by Theorem 3.6 is slightly stronger than one would normally expect. This formulation will be necessary in Section 5 when proving the soundness of the type system. The proofs of Theorems 3.5 and 3.6 can be found in LABEL:sec:extra-types.

Example 3.7 (forwarder).

Most session calculi based on linear logic include a form $x\leftrightarrow y$ whose typing rule $x\leftrightarrow y\vdash x:T,y:T^{\bot}$ corresponds to the axiom $\vdash T,T^{\bot}$ of linear logic. The form $x\leftrightarrow y$ is usually interpreted as a forwarder between the channels $x$ and $y$ and it is useful for example to model the output of a free channel $x\langle y\rangle.P$ as the term $x[z](y\leftrightarrow z\mathbin{|}P)$ . In this example we show that there is no need to equip $\textsf{CSLL}^{\infty}$ with a native form $x\leftrightarrow y$ since its behavior can be encoded as a well-typed $\textsf{CSLL}^{\infty}$ process. To this aim, we define a family $\textsf{Link}_{T}$ of process definitions by induction on $T$ as follows

	$\displaystyle\textsf{Link}_{\bot}(x,y$	$\displaystyle)\triangleq\mathsf{\color[rgb]{0,0,1}wait}\,x.\mathsf{\color[rgb]{0,0,1}close}\,y$
	$\displaystyle\textsf{Link}_{\top}(x,y$	$\displaystyle)\triangleq\mathsf{\color[rgb]{0,0,1}fail}\,x$
	$\displaystyle\textsf{Link}_{T\mathbin{\bindnasrepma}S}(x,y$	$\displaystyle)\triangleq x(u).y[v](\textsf{Link}_{T}\langle u,v\rangle\mathbin{\|}\textsf{Link}_{S}\langle x,y\rangle)$
	$\displaystyle\textsf{Link}_{T\mathbin{\binampersand}S}(x,y$	$\displaystyle)\triangleq\mathsf{\color[rgb]{0,0,1}case}\,{x}\{\mathsf{\color[rgb]{0,.5,.5}in}_{1}\,y.\textsf{Link}_{T}\langle x,y\rangle,\mathsf{\color[rgb]{0,.5,.5}in}_{2}\,y.\textsf{Link}_{S}\langle x,y\rangle\}$
	$\displaystyle\textsf{Link}_{\text{!`}T}(x,y$	$\displaystyle)\triangleq\text{!`}x(u)\{\text{?`}y[v].\textsf{Link}_{T}\langle u,v\rangle\mathrel{::}{\textsf{Link}_{\text{!`}T}\langle x,y\rangle},\text{?`}y[]\}$

with the addition of the definitions $\textsf{Link}_{T}(x,y)\triangleq\textsf{Link}_{T^{\bot}}\langle y,x\rangle$ for the positive type constructors. It is easy to build a typing derivation for the judgment $\textsf{Link}_{T}\langle x,y\rangle\vdash x:T,y:T^{\bot}$ . Also, every infinite branch in such derivation eventually loops through an invocation of the form $\textsf{Link}_{\text{!`}S}\langle u,v\rangle$ , which goes through an application of [server] concerning the channel $u$ . So, the derivation of $\textsf{Link}_{T}\langle x,y\rangle\vdash x:T,y:T^{\bot}$ is valid and the process $\textsf{Link}_{T}\langle x,y\rangle$ is well typed. \lipicsEnd

4 A quick recollection of $\mu\textsf{MALL}^{\infty}$

In this section we recall the main elements of $\mu\textsf{MALL}^{\infty}$ [Doumane17, BaeldeDoumaneSaurin16, BaeldeEtAl22], the infinitary proof system of the multiplicative additive fragment of linear logic extended with least and greatest fixed points. The syntax of $\mu\textsf{MALL}^{\infty}$ pre-formulas makes use of an infinite set of propositional variables ranged over by $X$ and $Y$ and is given by the grammar below:

\textbf{Pre-formula}\qquad\varphi,\psi::=X\mid\bot\mid\top\mid\mathbf{0}\mid\mathbf{1}\mid\varphi\mathbin{\bindnasrepma}\psi\mid\varphi\mathbin{\otimes}\psi\mid\varphi\mathbin{\binampersand}\psi\mid\varphi\mathbin{\oplus}\psi\mid\nu X.\varphi\mid\mu X.\varphi

The fixed point operators $\mu$ and $\nu$ are the binders of propositional variables and the notions of free and bound variables are defined accordingly. A $\mu\textsf{MALL}^{\infty}$ formula is a closed pre-formula. We write $\{\varphi/X\}$ for the capture-avoiding substitution of all free occurrences of $X$ with $\varphi$ and $\varphi^{\bot}$ for the dual of $\varphi$ , which is the involution such that

X^{\bot}=X\qquad(\mu X.\varphi)^{\bot}=\nu X.\varphi^{\bot}\qquad(\nu X.\varphi)^{\bot}=\mu X.\varphi^{\bot}

among the other expected equations. Postulating that $X^{\bot}=X$ is not a problem since we will always dualize formulas, which do not contain free propositional variables.

We write $\preceq$ for the subformula ordering, that is the least partial order such that $\varphi\preceq\psi$ if $\varphi$ is a subformula of $\psi$ . For example, if $\varphi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\mu X.\nu Y.(X\mathbin{\oplus}Y)$ and $\psi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\nu Y.(\varphi\mathbin{\oplus}Y)$ we have $\varphi\preceq\psi$ and $\psi\not\preceq\varphi$ . When $\Phi$ is a set of formulas, we write $\mathsf{min}\,\Phi$ for its $\preceq$ -minimum formula if it is defined. Occasionally we let $\star$ stand for an arbitrary binary connective (one of $\mathbin{\oplus}$ , $\mathbin{\otimes}$ , $\mathbin{\binampersand}$ , or $\mathbin{\bindnasrepma}$ ) and $\sigma$ stand for an arbitrary fixed point operator (either $\mu$ or $\nu$ ).

In $\mu\textsf{MALL}^{\infty}$ it is important to distinguish among different occurrences of the same formula in a proof derivation. To this aim, formulas are annotated with addresses. We assume an infinite set $\mathcal{A}$ of atomic addresses, $\mathcal{A}^{\bot}$ being the set of their duals such that $\mathcal{A}\cap\mathcal{A}^{\bot}=\emptyset$ and $\mathcal{A}^{\bot}{}^{\bot}=\mathcal{A}$ . We use $a$ and $b$ to range over elements of $\mathcal{A}\cup\mathcal{A}^{\bot}$ . An address is a string $aw$ where $w\in\{i,l,r\}^{*}$ . The dual of an address is defined as $(aw)^{\bot}=a^{\bot}w$ . We use $\alpha$ and $\beta$ to range over addresses, we write for the prefix relation on addresses and we say that $\alpha$ and $\beta$ are disjoint if $\alpha\not\beta$ and $\beta\not\alpha$ .

A formula occurrence (or simply occurrence) is a pair $\varphi_{m}adeofaformula$ φ $andanaddress$ . We use $F$ and $G$ to range over occurrences and we extend to occurrences several operations defined on formulas. In particular: we use logical connectives to compose occurrences so that $\varphi\mathbin{\star}\psi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}(\varphi\mathbin{\star}\psi)_{a}nd$ σX.φ_ =def(σX.φ)_; the dual of an occurrence is obtained by dualizing both its formula and its address, that is $(\varphi_{^{\bot}}\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\varphi^{\bot}_{{\bot}}$ ; occurrence substitution preserves the address in the type within which the substitution occurs, but forgets the address of the occurrence being substituted, that is $\varphi_{\alpha}\{\psi_{\beta}/X\}\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\varphi\{\psi/X\}_{\alpha}$ .

We write $\overline{F}$ for the formula obtained by forgetting the address of $F$ . Finally, we write $\leadsto$ for the least reflexive relation on types such that $F_{1}\star F_{2}\leadsto F_{i}$ and $\sigma X.F\leadsto F\{\sigma X.F/X\}$ .

Table 4: Proof rules of

\mu\textsf{MALL}^{\infty}

[BaeldeDoumaneSaurin16, Doumane17, BaeldeEtAl22].

{mathpar}\inferrule

[[cut] ] ⊢Σ, F
⊢Θ, F^⊥ ⊢Σ, Θ \inferrule[[ $\top$ ] ] ⊢Σ, ⊤ \inferrule[[ $\bot$ ] ] ⊢Σ ⊢Σ, ⊥ \inferrule[[ $\mathbf{1}$ ] ] ⊢1 \inferrule[[ $\mathbin{\bindnasrepma}$ ] ] ⊢Σ, F, G ⊢Σ, F ⅋G \inferrule[[ $\mathbin{\otimes}$ ] ] ⊢Σ, F
⊢Θ, G ⊢Σ, Θ, F ⊗G \inferrule[[ $\mathbin{\binampersand}$ ] ] ⊢Σ, F
⊢Σ, G ⊢Σ, F &G \inferrule[[ $\mathbin{\oplus}$ ] ] ⊢Σ, F_i ⊢Σ, F_1 ⊕F_2 \inferrule[[ $\nu$ ] ] ⊢Σ, F{νX.F/X} ⊢Σ, νX.F \inferrule[[ $\mu$ ] ] ⊢Σ, F{μX.F/X} ⊢Σ, μX.F

The proof rules of $\mu\textsf{MALL}^{\infty}$ are shown in Table 4, where $\Sigma$ and $\Theta$ range over sets of occurrences written as $F_{1},\dots,F_{n}$ . The rules allow us to derive sequents of the form $\vdash\Sigma$ and are standard except for [ $\nu$ ], which unfolds a greatest fixed point just like [ $\mu$ ] does. Being an infinitary proof system, $\mu\textsf{MALL}^{\infty}$ rules are meant to be interpreted coinductively. That is, a sequent $\vdash\Sigma$ is derivable if there exists an arbitrary (finite or infinite) proof derivation whose conclusion is $\vdash\Sigma$ . Without a validity condition on derivations, such proof system is notoriously unsound. $\mu\textsf{MALL}^{\infty}$ ’s validity condition requires every infinite branch of a derivation to be supported by the continuous unfolding of a greatest fixed point. In order to formalize this condition, we start by defining threads, which are sequences of occurrences.

Definition 4.1 (thread).

A thread of $F$ is a (finite or infinite) sequence of occurrences $(F_{0},F_{1},\dots)$ such that $F_{0}=F$ and $F_{i}\leadsto F_{i+1}$ whenever $i+1$ is a valid index of the sequence.

Hereafter we use $t$ to range over threads. For example, if we consider $\varphi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\mu X.(X\mathbin{\oplus}\mathbf{1})$ , we have that $t\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}(\varphi_{a},(\varphi\mathbin{\oplus}\mathbf{1})_{ai},\varphi_{ail},\dots)$ is an infinite thread of $\varphi_{a}$ .

Among all threads, we are interested in finding those in which a $\nu$ -formula is unfolded infinitely often. These threads, called $\nu$ -threads, are precisely defined thus:

Definition 4.2 ( $\nu$ -thread).

Let $t=(F_{0},F_{1},\dots)$ be an infinite thread, let $\overline{t}$ be the corresponding sequence $(\overline{F_{0}},\overline{F_{1}},\dots)$ of formulas and let $\mathsf{inf}(t)$ be the set of elements of $\overline{t}$ that occur infinitely often in $\overline{t}$ . We say that $t$ is a $\nu$ -thread if $\mathsf{min}\,\mathsf{inf}(t)$ is defined and is a $\nu$ -formula.

If we consider the infinite thread $t$ above, we have $\mathsf{inf}(t)=\{\varphi,\varphi\mathbin{\oplus}\mathbf{1}\}$ and $\mathsf{min}\,\mathsf{inf}(t)=\varphi$ , so $t$ is not a $\nu$ -thread because $\varphi$ is not a $\nu$ -formula. Consider instead $\varphi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\nu X.\mu Y.(X\mathbin{\oplus}Y)$ and $\psi\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\mu Y.(\varphi\mathbin{\oplus}Y)$ and observe that $\psi$ is the “unfolding” of $\varphi$ . Now $t_{1}\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}(\varphi_{a},\psi_{ai},(\varphi\mathbin{\oplus}\psi)_{aii},\varphi_{aiil},\dots)$ is a thread of $\varphi_{a}$ such that $\mathsf{inf}(t_{1})=\{\varphi,\psi,\varphi\mathbin{\oplus}\psi\}$ and we have $\mathsf{min}\,\mathsf{inf}(t_{1})=\varphi$ because $\varphi\preceq\psi$ , so $t_{1}$ is a $\nu$ -thread. If, on the other hand, we consider the thread $t_{2}\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}(\varphi_{a},\psi_{ai},(\varphi\mathbin{\oplus}\psi)_{aii},\psi_{aiir},(\varphi\mathbin{\oplus}\psi)_{aiiri},\dots)$ such that $\mathsf{inf}(t_{2})=\{\psi,\varphi\mathbin{\oplus}\psi\}$ we have $\mathsf{min}\,\mathsf{inf}(t_{2})=\psi$ because $\psi\preceq\varphi\mathbin{\oplus}\psi$ , so $t_{2}$ is not a $\nu$ -thread. Intuitively, the $\preceq$ -minimum formula among those that occur infinitely often in a thread is the outermost fixed point operator that is being unfolded infinitely often. It is possible to show that this minimum formula is always well defined [Doumane17]. If such minimum formula is a greatest fixed point operator, then the thread is a $\nu$ -thread. Note that a $\nu$ -thread is necessarily infinite.

Now we proceed by identifying threads along branches of proof derivations. To this aim, we provide a precise definition of branch.

Definition 4.3 (branch).

A branch of a proof derivation is a sequence $(\vdash\Sigma_{0},\vdash\Sigma_{1},\dots)$ of sequents such that $\vdash\Sigma_{0}$ occurs somewhere in the derivation and $\vdash\Sigma_{i+1}$ is a premise of the rule application that derives $\vdash\Sigma_{i}$ whenever $i+1$ is a valid index of the sequence.

An infinite branch is valid if supported by a $\nu$ -thread that originates somewhere therein.

Definition 4.4.

Let $\gamma=(\vdash\Sigma_{0},\vdash\Sigma_{1},\dots)$ be an infinite branch in a derivation. We say that $\gamma$ is valid if there exists $I\subseteq\mathbb{N}$ such that $(F_{i})_{i\in I}$ is a $\nu$ -thread and $F_{i}\in\Sigma_{i}$ for every $i\in I$ .

Definition 4.5.

A $\mu\textsf{MALL}^{\infty}$ derivation is valid if so are its infinite branches.

5 Fair Termination of $\textsf{CSLL}^{\infty}$

In this section we prove that well-typed $\textsf{CSLL}^{\infty}$ processes fairly terminate. We do so by appealing to the alternative characterization of fair termination given by Theorem 2.4. Using that characterization and using the fact that typing is preserved by reductions (Theorem 3.5), it suffices to show that well-typed $\textsf{CSLL}^{\infty}$ processes weakly terminate. To do that, we encode a well-typed $\textsf{CSLL}^{\infty}$ process $P$ into a (valid) $\mu\textsf{MALL}^{\infty}$ proof and we use the cut elimination property of $\mu\textsf{MALL}^{\infty}$ to argue that $P$ has a finite maximal run.

Encoding of types

The encoding of $\textsf{CSLL}^{\infty}$ types into $\mu\textsf{MALL}^{\infty}$ formulas is the map $\llbracket\cdot\rrbracket$ defined by

\llbracket\text{?`}T\rrbracket=\mu X.(\mathbf{1}\mathbin{\oplus}(\llbracket T\rrbracket\mathbin{\otimes}X))\qquad\llbracket\text{!`}T\rrbracket=\nu X.(\bot\mathbin{\binampersand}(\llbracket T\rrbracket\mathbin{\bindnasrepma}X))

(2)

and extended homomorphically to all the other type constructors, which are in one-to-one correspondence with the connectives and constants of $\mu\textsf{MALL}^{\infty}$ . Notice that the image of the encoding is a relatively small subset of $\mu\textsf{MALL}^{\infty}$ formulas in which different fixed point operators are never intertwined. Also notice that the encoding of the coexponentials does not follow exactly their expansion in Equation 1. Basically, we choose to interpret $\text{?`}T$ as a list of clients rather than as a tree of clients, following to the intuition that clients are queued when connecting to a server. The interpretation of ¡ follows as a consequence, as we want it to be the dual of the interpretation of ¿. Note that this interpretation of the coexponential modalities is the same used by Qian et al. [QianKavvosBirkedal21].

Encoding of typing contexts

The next step is the encoding of $\textsf{CSLL}^{\infty}$ contexts into $\mu\textsf{MALL}^{\infty}$ sequents. Recall that a $\mu\textsf{MALL}^{\infty}$ sequent is a set of occurrences and that an occurrence is a pair $\varphi_{m}adeofaformula$ φ $andanaddress$ . In order to associate addresses with formulas, we parametrize the encoding of $\textsf{CSLL}^{\infty}$ contexts with an injective map $\sigma$ from $\textsf{CSLL}^{\infty}$ channels to addresses, since channels in (the domain of a) $\textsf{CSLL}^{\infty}$ context uniquely identify the occurrence of a type (and thus of a formula). We write $x\mapsto forthesingletonmapthatassociates$ x $withtheaddress$ and $\sigma_{1},\sigma_{2}$ for the union of $\sigma_{1}$ and $\sigma_{2}$ when they have disjoint domains and codomains. Now, the encoding of a $\textsf{CSLL}^{\infty}$ context is set of formulas defined by

\llbracket x_{1}:T_{1},\dots,x_{n}:T_{n}\rrbracket_{\sigma,x_{1}\mapsto 1,\dots,x_{n}\mapsto n}\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\llbracket T_{1}\rrbracket_{1},\dots,\llbracket T_{n}\rrbracket_{n}

Encoding of typing derivations

Just like for the encoding of $\textsf{CSLL}^{\infty}$ contexts, also the encoding of typing derivations is parametrized by a map $\sigma$ from $\textsf{CSLL}^{\infty}$ channels to addresses. In addition, we also have to take into account the possibility that restricted channels are introduced in a $\textsf{CSLL}^{\infty}$ context, which happens in the rule [cut] of Table 3. The formula occurrence corresponding to the type of this newly introduced channel must have an address that is disjoint from that of any other occurrence. To guarantee this disjointness, we parametrize the encoding of $\textsf{CSLL}^{\infty}$ derivations by an infinite stream $\rho$ of pairwise distinct atomic addresses. Formally, $\rho$ is an injective function $\mathbb{N}\to\mathcal{A}$ . We write $a\rho$ , $\mathsf{even}(\rho)$ and $\mathsf{odd}(\rho)$ for the streams defined by

(a\rho)(0)\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}0\qquad(a\rho)(n+1)\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\rho(n)\qquad\mathsf{even}(\rho)(n)\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\rho(2n)\qquad\mathsf{odd}(\rho)(n)\stackrel{{\scriptstyle\smash{\textsf{\tiny def}}}}{{=}}\rho(2n+1)

respectively. In words, $a\rho$ is the stream of atomic addresses that starts with $a$ and continues as $\rho$ whereas $\mathsf{even}(\rho)$ and $\mathsf{odd}(\rho)$ are the sub-streams of $\rho$ consisting of addresses with an even (respectively, odd) index.

The encoding of a $\textsf{CSLL}^{\infty}$ typing derivation is coinductively defined by a map $\left\llbracket\cdot\right\rrbracket_{\sigma}^{\rho}$ which we describe using the following notation. For every typing rule in Table 3

\inferrule[\textnormal{{\small[rule]}}]{\mathcal{J}_{1}\\ \cdots\\ \mathcal{J}_{n}}{\mathcal{J}}\text{\qquad we write \qquad}\left\llbracket\inferrule{\mathcal{J}_{1}\\ \cdots\\ \mathcal{J}_{n}}\mathcal{J}\right\rrbracket_{\sigma}^{\rho}=\pi

meaning that $\pi$ is the $\mu\textsf{MALL}^{\infty}$ derivation resulting from the encoding of the $\textsf{CSLL}^{\infty}$ derivation for the judgment $\mathcal{J}$ in which the last rule is an application of [rule]. Within $\pi$ there will be instances of the $\left\llbracket\mathcal{J}_{i}\right\rrbracket_{\sigma_{i}}^{\rho_{i}}$ for suitable $\sigma_{i}$ and $\rho_{i}$ standing for the encodings of the $\textsf{CSLL}^{\infty}$ sub-derivations for the judgments $\mathcal{J}_{i}$ that we find as premises of [rule].

There is a close correspondence between many $\textsf{CSLL}^{\infty}$ typing rules and $\mu\textsf{MALL}^{\infty}$ proof rules so we only detail a few interesting cases of the encoding, starting from the typing rules [ $\mathbin{\otimes}$ ] and [ $\mathbin{\bindnasrepma}$ ]. A $\mu\textsf{MALL}^{\infty}$ typing derivation ending with an application of these rules is encoded as follows:

\begin{array}[]{@{}r@{~}l@{}}\left\llbracket\inferrule\\ Q\vdash\Updelta,x:S}{x[y](P\mathbin{|}Q)\vdash\Upgamma,\Updelta,x:T\mathbin{\otimes}S}\right\rrbracket_{\sigma,x\mapsto}^{\rho}&=\inferrule{\left\llbracket P\vdash\Upgamma,y:T\right\rrbracket_{\sigma,y\mapsto}^{\mathsf{even}(\rho)}\\ \left\llbracket Q\vdash\Updelta,x:S\right\rrbracket_{\sigma,x\mapsto}^{\mathsf{odd}(\rho)}}{\vdash\llbracket\Upgamma,\Updelta\rrbracket_{\sigma},\llbracket T\mathbin{\otimes}S\rrbracket\,\textnormal{{\small[$\mathbin{\otimes}$]}}\\ \left\llbracket\inferrule{P\vdash\Upgamma,y:T,x:S}{x(y).P\vdash\Upgamma,x:T\mathbin{\bindnasrepma}S}\right\rrbracket_{\sigma,x\mapsto}^{\rho}\leavevmode\nobreak\ &=\inferrule{\left\llbracket P\vdash\Upgamma,y:T,x:S\right\rrbracket_{\sigma,y\mapsto,x\mapsto}^{\rho}}{\vdash\llbracket\Upgamma\rrbracket_{\sigma},\llbracket T\mathbin{\bindnasrepma}S\rrbracket\,\textnormal{{\small[$\mathbin{\bindnasrepma}$]}}\end{array}}

Notice that the types $T\mathbin{\otimes}S$ and $T\mathbin{\bindnasrepma}S$ associated with $x$ in the conclusion of the rules are encoded into the occurrences $\llbracket T\mathbin{\otimes}S\rrbracket_{a}nd$ ⟦T⅋S⟧_ where $istheaddressassociatedwith$ x $in$ σ,x ↦. This address is suitably updated in the encoding of the premises of the rules. In the case of [ $\mathbin{\otimes}$ ], the original stream $\rho$ of atomic addresses is split into two disjoint streams in the encoding of the premises to ensure that no atomic address is used twice.

Every application of [call] is simply erased in the encoding:

\left\llbracket\inferrule{P\vdash\overline{x:T}}{\mathsf{A}\langle\overline{x}\rangle\vdash\overline{x:T}}\right\rrbracket_{\sigma}^{\rho}=\left\llbracket P\vdash\overline{x:T}\right\rrbracket_{\sigma}^{\rho}

The validity of the $\textsf{CSLL}^{\infty}$ typing derivation guarantees that there cannot be an infinite chain of process invocations in a well-typed process. A proof of this fact is given by LABEL:lem:unfolded in LABEL:sec:extra-types. For this reason, the encoding of $\textsf{CSLL}^{\infty}$ derivations is well defined despite the fact that applications of [call] are erased.

Another case worth discussing is that of the rule [cut], which is handled as follows:

\left\llbracket\inferrule{P\vdash\Upgamma,x:T\\ Q\vdash\Updelta,x:T^{\bot}}{(x)(P\mathbin{|}Q)\vdash\Upgamma,\Updelta}\right\rrbracket_{\sigma}^{a\rho}=\inferrule{\left\llbracket P\vdash\Upgamma,x:T\right\rrbracket_{\sigma,x\mapsto a}^{\mathsf{even}(\rho)}\quad\left\llbracket Q\vdash\Updelta,x:T^{\bot}\right\rrbracket_{\sigma,x\mapsto a^{\bot}}^{\mathsf{odd}(\rho)}}{\vdash\llbracket\Upgamma,\Updelta\rrbracket_{\sigma}}\,\textnormal{{\small[cut]}}

The first address from the infinite stream $a\rho$ , which is guaranteed to be distinct from any other address used so far and that will be used in the rest of the encoding, is associated with the newly introduced variable $x$ . Similarly to the case of [ $\mathbin{\otimes}$ ], the tail of the stream is split in the encoding of the two premises of [cut] so as to preserve this guarantee.

We now consider the applications of [done], [client] and [server] which account for the most relevant part of the encoding. These rule applications are encoded by considering the interpretation of the co-exponentials in terms of least and greatest fixed points (Equation 2) and then by applying the suitable $\mu\textsf{MALL}^{\infty}$ proof rules ([ $\mu$ ] and [ $\nu$ ] in particular). We have

\left\llbracket\inferrule{\leavevmode\nobreak\ }{\text{?`}x[]\vdash x:\text{?`}T}\right\rrbracket_{\sigma,x\mapsto}^{\rho}=\inferrule{\inferrule{\inferrule{\leavevmode\nobreak\ }{\vdash\mathbf{1}_{l}}\hbox to0.0pt{{{\small[$\mathbf{1}$]}} \hss}}{\vdash\llbracket\mathbf{1}\mathbin{\oplus}(T\mathbin{\otimes}\text{?`}T)\rrbracket}\hbox to0.0pt{{{\small[$\mathbin{\oplus}$]}} \hss}}{\vdash\llbracket\text{?`}T\rrbracket\textnormal{{\small[$\mu$]}}}

for the applications of [done] and

\begin{matrix} ⟦ \inferrule \\ Q ⊢ Δ, x : ¿ T ¿ x [y] . P : : Q ⊢ Γ, Δ, x : ¿ T ⟧_{σ, x \mapsto}^{ρ} = \end{matrix} f o r t h e a p p l i c a t i o n s o f [client] . F i n a l l y, t h e a p p l i c a t i o n s o f [server] a r e e n c o d e d t h u s : ⟦\inferruleQ⊢Γ¡x(y){P,Q}⊢Γ,x:¡T⟧σ,x↦ρ=NotethatinthislastcaseitisnotnecessarytosplitthestreamρsincethePandQbranchesoftheserveraremutuallyexclusive(thereductionrules[r-connect]and[r-done]pickoneortheotherbranch,butnotboth).Asimilarthinghappensintheencodingoftheapplicationsof[&],notshownhere.Validity