Termination in a Pi-calculus with Subtyping

B. Luttik and F . D. V alencia (Eds.): 18th International W orkshop on Expressiv eness in Concurrency (EXPRESS 2011) EPTCS 64, 2011, pp. 44–58, doi:10.4204/EPTCS.64.4 c  I. Cristescu, D. Hirschkof f T ermination in a π -calculus with Subtyping Ioana Cristescu Daniel Hirschkof f ENS L yon, Universit ´ e de L yon, CNRS, INRIA, France W e present a type system to guarantee termination of π -calculus processes that e xploits input/output capabilities and subtyping, as originally introduced by Pierce and Sangiorgi, in order to analyse the usage of channels. W e show that our system improv es over previously existing proposals by accepting more pro- cesses as terminating. This increased expressi veness allows us to capture sensible programming idioms. W e demonstrate ho w our system can be extended to handle the encoding of the simply typed λ -calculus, and discuss questions related to type inference. 1 Intr oduction Although many concurrent systems, such as servers, are supposed to run forev er , termination is an impor - tant property in a concurrent setting. For instance, one would like a request to a server to be ev entually answered; similarly , the access to a shared resource should be ev entually granted. T ermination can be useful to guarantee in turn lock-freedom properties [8]. In this work, we study termination in the setting of the π -calculus: concurrent systems are specified as π -calculus processes, and we would like to avoid situations in which a process can perform an infinite sequence of internal communication steps. Despite its conciseness, the π -calculus can express complex behaviours, such as reconfiguration of communication topology , and dynamic creation of channels and threads. Guaranteeing termination is thus a nontri vial task. More specifically , we are interested in methods that provide termination guarantees statically . There exist se veral type-based approaches to guarantee termination in the π -calculus [5, 15, 12, 3, 4]. In these works, any typable process is guaranteed to be reactive, in the sense that it cannot enter an infinite sequence of internal communications: it eventually terminates computation, or ends up in a state where an interaction with the en vironment is required. The type systems in the works mentioned abov e ha ve different expressi ve powers. Analysing the expressi veness of a type system for termination amounts to studying the class of processes that are recognised as terminating. A type system for termination typically rules out some terminating terms, because it is not able to recognise them as such (by essence, an ef fectiv e type system for termination defines an approximation of this undecidable property). When improving expressi veness, one is inter- ested in making the type system more flexible: more processes should be deemed as terminating. An important point in doing so is also to make sure that (at least some of) the ‘extra processes’ make sense from the point of vie w of programming. T ype systems f or termination in the π -calculus. Existing type systems for termination in the π - calculus build on simple types [13], whereby the type of a channel describes what kind of values it can carry . T wo approaches, that we shall call ‘level-based’ and ‘semantics-based’, have been studied to guarantee termination of processes. W e discuss belo w the first kind of methods, and return to semantics- based approaches towards the end of this section. Lev el-based methods for the termination of processes I. Cristescu, D. Hirschkof f 45 originate in [5], and hav e been further analysed and de veloped in [3]. The y e xploit a stratification of names, obtained by associating a level (gi ven by a natural number) to each name. Lev els are used to insure that at ev ery reduction step of a giv en process, some well-founded measure defined on processes decreases. Let us illustrate the le vel-based approach on some examples. In this paper , we work in the asyn- chronous π -calculus, and replication can occur only on input prefixes. As in previous work, adding features like synchron y or the sum operator to our setting does not bring any dif ficulty . According to lev el-based type systems, the process ! a ( x ) . b h x i is well-typed pro vided lvl ( a ) , the le vel of a , is strictly greater than lvl ( b ) . Intuitiv ely , this process trades messages on a (that ‘cost’ lvl ( a ) ) for messages on b (that cost less). Similarly , ! a ( x ) . ( b h x i | b h x i ) is also well-typed, because none of the two messages emitted on b will be liable to trigger messages on a ad infinitum. More generally , for a process of the form ! a ( x ) . P to be typable, we must check that all messages occurring in P are transmitted on channels whose le vel is strictly smaller than lvl ( a ) (more accurately , we only take into account those outputs that do not occur under a replication in P — see Section 2). This approach rules out a process like ! a ( x ) . b h x i | ! b ( y ) . a h y i (which generates the unsatisfiable con- straint lvl ( a ) > lvl ( b ) > lvl ( a ) ), as well as the other obviously ‘dangerous’ term ! a ( x ) . a h x i — note that neither of these processes is div erging, but they lead to infinite computations as soon as they are put in parallel with a message on a . The limitations of simple types. The starting point of this work is the observation that since existing le vel-based systems rely on simple types, they rule out processes that are harmless from the point of vie w of termination, essentially because in simple types, all names transmitted on a giv en channel should have the same type, and hence, in our setting, the same le vel as well. If we try for instance to type the process P 0 d e f = ! a ( x ) . x h t i , the constraint is lvl ( a ) > lvl ( x ) , in other words, the le vel of the names transmitted on a must be smaller than a ’ s le vel. It should therefore be licit to put P 0 in parallel with a h p i | a h q i , provided lvl ( p ) < lvl ( a ) and lvl ( q ) < lvl ( a ) . Existing type systems enforce that p and q have the same type for this process to be typable: as soon as two names are sent on the same channel (here, a ), their types are unified. This means that if for some reason (for instance, if the subterm ! p ( z ) . q h z i occurs in parallel) we must hav e lvl ( p ) > lvl ( q ) , the resulting process is rejected, although it is terminating. W e would like to provide more flexibility in the handling of the level of names, by relaxing the con- straint that p and q from the example abov e should ha ve the same type. T o do this while preserving soundness of the type system, it is necessary to take into account the way names are used in the contin- uation of a replicated input. In process P 0 abov e, x is used in output in the continuation, which allows one to send on a any name (of the appropriate simple type) of lev el strictly smaller than lvl ( a ) . If, on the other hand, we consider process P 1 d e f = ! b ( y ) . ! y ( z ) . c h z i , then typability of the subterm ! y ( z ) . c h z i imposes lvl ( y ) > lvl ( c ) , which means that any name of level strictly gr eater than lvl ( c ) can be sent on b . In this case, P 1 uses the name y that is recei ved along b in input. W e can remark that diver gent behaviours would arise if we allo wed the reception of names having a bigger (resp. smaller) le vel in P 0 (resp. P 1 ). Contributions of this work. These observ ations lead us to introduce a new type system for termination of mobile processes based on Pierce and Sangiorgi’ s system for input/output types (i/o-types) [11]. I/o- types are based on the notion of capability associated to a channel name, which makes it possible to grant only the possibility of emitting (the output capability) or recei ving (the input capability) on a given channel. A subtyping relation is introduced to express the fact that a channel for which both capabilities 46 T ermination in a π -calculus with Subtyping are av ailable can be coerced to a channel where only one is used. Intuitively , being able to hav e a more precise description of ho w a name will be used can help in asserting termination of a process: in P 0 , only the output capability on x is used, which makes it possible to send a name of smaller le vel on a ; in P 1 , symmetrically , y can hav e a bigger le vel than e xpected, as only the input capability on y is transmitted. The overall setting of this work is presented in Section 2, together with the definition of our type system. This system is strictly more expressiv e than pre viously existing le vel-based systems. W e show in particular that our approach yields a form of ‘lev el polymorphism’, which can be interesting in terms of programming, by making it possible to send sev eral requests to a giv en server (represented as a process of the form ! f ( x ) . P , which corresponds to the typical idiom for functions or servers in the π -calculus) with arguments that must ha ve dif ferent levels, because of e xisting dependencies between them. In order to study more precisely the possibility to handle terminating functions (or serv ers) in our setting, we analyse an encoding of the λ -calculus in the π -calculus. W e ha ve presented in [3] a coun- terexample sho wing that existing lev el-based approaches are not able to recognise as terminating the image of the simply-typed λ -calculus (ST λ ) in the π -calculus (all processes computed using such an encoding terminate [13]). W e show that this counterexample is typable in our system, but we exhibit a new counterexample, which is not. This sho ws that despite the increased expressi veness, lev el-based methods for the termination of π -calculus processes fail to capture terminating sequential computation as expressed in ST λ . T o accommodate functional computation, we exploit the work presented in [4], where an impur e π -calculus is studied. Impure means here that one distinguishes between two kinds of names. On one hand, functional names are subject to a certain discipline in their usage, which intuitiv ely arises from the way names are used in the encoding of ST λ in the π -calculus. On the other hand, imperative names do not obey such conditions, and are called so because they may lead to forms of stateful computation (for instance, an input on a certain name is av ailable at some point, b ut not later , or it is al ways a vailable, but leads to dif ferent computations at different points in the e xecution). In [4], termination is guaranteed in an impure π -calculus by using a le vel-based approach for impera- ti ve names, while functional names are dealt with separately , using a semantics-based approach [15, 12]. W e show that that type system, which combines both approaches for termination in the π -calculus, can be revisited in our setting. W e also demonstrate that the resulting system improv es in terms of expres- si veness ov er [4], from se veral points of vie w . Se veral technical aspects in the definition of our type systems are ne w with respect to previous works. First of all, while the works we rely on for termination adopt a presentation ` a la Church, where e very name has a given type a priori, we define our systems ` a la Curry , in order to follo w the approach for i/o-types in [11]. As we discuss below , this has some consequences on the soundness proof of our systems. Another dif ference is in the presentation of the impure calculus: [4] uses a specific syntactical construction, called def , and akin to a let .. in construct, to handle functional names. By a refinement of i/o-types, we are able instead to enforce the discipline of functional names without resorting to a particular syntactical construct, which allo ws us to keep a uniform syntax. W e finally discuss type inference, by focusing on the case of the localised π -calculus (L π ). L π corresponds to a certain restriction on i/o-types. This restriction is commonly adopted in implementations of the π -calculus. W e describe a sound and complete type inference procedure for our level-based system in L π . W e also provide some remarks about inference for i/o-types in the general case. Paper outline. Section 2 presents our type system, and sho ws that it guarantees termination. W e study its expressi veness in Section 3. Section 4 discusses type inference, and we giv e concluding remarks in I. Cristescu, D. Hirschkof f 47 Section 5. For lack of space, se veral proofs are omitted from this version of the paper . 2 A T ype System f or T ermination with Subtyping 2.1 Definition of the T ype System Processes and types. W e work with an infinite set of names , ranged over using a , b , c , . . . , x , y , . . . . Processes, ranged over using P , Q , R , . . . , are defined by the following grammar ( ? is a constant, and we use v for v alues): P :: = 0 0 0   P 1 | P 2   a h v i   ( ν ν ν a ) P   a ( x ) . P   ! a ( x ) . P v :: = ?   a . The constructs of restriction and (possibly replicated) input are binding, and giv e rise to the usual notion of α -con version. W e write fn ( P ) for the set of free names of process P , and P [ b / x ] stands for the process obtained by applying the capture-av oiding substitution of x with b in P . W e moreov er implicitly assume, in the remainder of the paper , that all the processes we manipulate are written in such a w ay that all bound names are pairwise distinct and are dif ferent from the free names. This may in particular in v olve some implicit renaming of processes when a reduction is performed. The grammar of types is gi ven by: T :: = ] k T   i k T   o k T   U , where k is a natural number that we call a level , and U stands for the unit type having ? as only v alue. A name having type ] k T has level k , and can be used to send or receiv e values of type T , while type i k T (resp. o k T ) corresponds to having only the input (resp. output) capability . Figure 1 introduces the subtyping and typing relations. W e note ≤ both for the subtyping relation and for the inequality between levels, as no ambiguity is possible. W e can remark that the input (resp. output) capability is covariant (resp. contrav ariant) w .r .t. ≤ , b ut that the opposite holds for lev els: input requires the supertype to hav e a smaller le vel. Γ ranges o ver typing en vironments, which are partial maps from names to types – we write Γ ( a ) = T if Γ maps a to T . dom ( Γ ) , the domain of Γ , is the set of names for which Γ is defined, and Γ , a : T stands for the typing environment obtained by extending Γ with the mapping from a to T , this operation being defined only when a / ∈ dom ( Γ ) . The typing judgement for processes is of the form Γ ` P : w , where w is a natural number called the weight of P . The weight corresponds to an upper bound on the maximum le vel of a channel that is used in output in P , without this output occurring under a replication. This can be read from the typing rule for output messages (notice that in the first premise, we require the output capability on a , which may in v olve the use of subtyping) and for parallel composition. As can be seen by the corresponding rules, non replicated input prefix and restriction do not change the weight of a process. The weight is controlled in the rule for replicated inputs, where we require that the lev el of the name used in input is strictly bigger than the weight of the continuation process. W e can also observe that working in a synchronous calculus would in v olve a minor change: typing a synchronous output a h v i . P would be done essentially like typing a h v i | P in our setting (with no major modification in the correctness proof for our type system). As an abbre viation, we shall omit the content of messages in prefix es, and write a and a for a ( x ) and a h ? i respectively , when a ’ s type indicates that a is used to transmit values of type U . Example 1 The pr ocess ! a ( x ) . x h t i | a h p i | a h q i | ! p ( z ) . q h z i fr om Section 1 can be typed in our type system: we can set a : ] 3 o 2 T , p : ] 2 T , q : o 1 T . Subtyping on le vels is at work in order to typechec k the subterm a h q i . W e pr ovide a mor e complex term, whic h can be typed using similar ideas, in Example 15 below . 48 T ermination in a π -calculus with Subtyping Subtyping ≤ is the least relation that is reflexiv e, transiti ve, and satisfies the follo wing rules: ] k T ≤ i k T ] k T ≤ o k T T ≤ S k 1 ≤ k 2 i k 2 T ≤ i k 1 S T ≤ S k 1 ≤ k 2 o k 1 S ≤ o k 2 T T yping values Γ ` ? : U Γ ( a ) = T Γ ` a : T Γ ` a : T T ≤ U Γ ` a : U T yping processes Γ ` 0 0 0 : 0 Γ ` a : o k T Γ ` v : T Γ ` a h v i : k Γ ` a : i k T Γ , x : T ` P : w Γ ` a ( x ) . P : w Γ ` a : i k T Γ , x : T ` P : w k > w Γ ` ! a ( x ) . P : 0 Γ , a : T ` P : w Γ ` ( ν ν ν a ) P : w Γ ` P 1 : w 1 Γ ` P 2 : w 2 Γ ` P 1 | P 2 : max ( w 1 , w 2 ) Figure 1: T yping and Subtyping Rules a ( x ) . P | a h v i − → P [ v / x ] ! a ( x ) . P | a h v i − → ! a ( x ) . P | P [ v / x ] P − → P 0 P | Q − → P 0 | Q P − → P 0 ( ν ν ν a ) P − → ( ν ν ν a ) P 0 Q ≡ P P − → P 0 P 0 ≡ Q 0 Q − → Q 0 Figure 2: Reduction of Processes Reduction and termination. The definition of the operational semantics relies on a relation of struc- tural congruence, noted ≡ , which is the smallest equiv alence relation that is a congruence, contains α -con version, and satisfies the follo wing axioms: P | ( Q | R ) ≡ ( P | Q ) | R P | Q ≡ Q | P P | 0 0 0 ≡ P ( ν ν ν a ) 0 0 0 ≡ 0 0 0 ( ν ν ν a )( ν ν ν b ) P ≡ ( ν ν ν b )( ν ν ν a ) P ( ν ν ν a ) ( P | Q ) ≡ P | ( ν ν ν a ) Q if a / ∈ fn ( P ) Note in particular that there is no structural congruence law for replication. Reduction, written − → , is defined by the rules of Figure 2. Definition 2 (T ermination) A pr ocess P di verges if ther e e xists an infinite sequence of pr ocesses ( P i ) i ≥ 0 such that P = P 0 and for any i, P i − → P i + 1 . P terminates (or P is terminating) if P does not diver ge . 2.2 Properties of the T ype System W e first state some (mostly standard) technical properties satisfied by our system. I. Cristescu, D. Hirschkof f 49 Lemma 3 If Γ ` P : w and w 6 = 0 then for any w 0 ≥ w, Γ ` P : w 0 . Proposition 4 (Narr owing) If Γ , x : T ` P : w and T 0 ≤ T , then Γ , x : T 0 ` P : w 0 for some w 0 ≤ w. Lemma 5 If P ≡ Q, then Γ ` P : w if f Γ ` Q : w. Lemma 6 If Γ , x : T ` P : w, Γ ` b : T 0 and T 0 ≤ T then Γ ` P [ b / x ] : w 0 , for some w 0 ≤ w. Proof (sk etch). This is a consequence of Lemma 4, as we replace x by a name of smaller type. Theorem 7 (Subject r eduction) If Γ ` P : w and P − → P 0 , then Γ ` P 0 : w 0 for some w 0 ≤ w. Proof (sketch). By induction ov er the deriv ation of P − → P 0 . The most interesting case corresponds to the case where P = ! a ( x ) . P 1 | a h v i − → P 0 = ! a ( x ) . P 1 | P 1 [ v / x ] . By typability of P , we hav e Γ ` ! a ( x ) . P 1 : 0 . Let T a = Γ ( a ) . T ypability of P gives Γ , x : T ` P 1 : w 1 for some T and w 1 such that T a ≤ i k T and w 1 < k ≤ lvl ( a ) . T ypability of a h v i giv es T a ≤ o k 0 U for some k 0 ≥ lvl ( a ) , with w = k 0 and Γ ` v : U . The two constraints on T a entail T ≤ U , and hence, by Lemma 6, Γ ` P 1 [ v / x ] : w 2 for some w 2 ≤ w 1 ≤ lvl ( a ) ≤ k 0 . W e then conclude Γ ` P 0 : w 2 . T ermination. Soundness of our type system, that is, that e very typable process terminates, is proved by defining a measure on processes that decreases at each reduction step. A typing judgement Γ ` P : w yields the weight w of process P , but this notion is not sufficient (for instance, a | a | a − → a , and the weight is preserved). W e instead adapt the approach of [1], and define the measure as a multiset of natural numbers. This is done by induction over the deriv ation of a typing judgement for the process. W e will use D to range over typing deriv ations, and write D : Γ ` P : w to mean that D is a deriv ation of Γ ` P : w . T o deduce termination, we rely on the multiset extension of the well-founded order on natural num- bers, that we write > mul . M 2 > mul M 1 holds if M 1 = N ] N 1 , M 2 = N ] N 2 , N being the maximal such multiset ( ] is multiset union), and for all e 1 ∈ N 1 there is e 2 ∈ N 2 such that e 1 < e 2 . The relation > mul is well-founded. W e write M 1 ≥ mul M 2 if M 1 > mul M 2 or M 1 = M 2 . Definition 8 Suppose D : Γ ` P : w. W e define a multiset of natural numbers, noted M ( D ) , by induction over D as follows: If D : Γ ` 0 0 0 then M ( D ) = / 0 If D : Γ ` a h b i : k then M ( D ) = { l vl ( a ) } If D : Γ ` ! a ( x ) . P : 0 then M ( D ) = / 0 If D : Γ ` a ( x ) . P : w , then M ( D ) = M ( D 1 ) , wher e D 1 : Γ , x : T ` P : w If D : Γ ` ( ν ν ν a ) P : w , then M ( D ) = M ( D 1 ) , wher e D 1 : Γ , a : T ` P : w If D : Γ ` P 1 | P 2 : max ( w 1 , w 2 ) , then M ( D ) = M ( D 1 ) ] M ( D 2 ) , wher e D i : Γ ` P i , i = 1 , 2 Given Γ and P, we define M Γ ( P ) , the measur e of P with r espect to Γ , as follows: M Γ ( P ) = min ( M ( D ) , D : Γ ` P : w for some w ) . Note that in the case of output in the above definition, we refer to lvl ( a ) , which is the lev el of a according to Γ (that is, without using subtyping). W e hav e that if Γ ` P : w , then ∀ k ∈ M Γ ( P ) , k ≤ w . 50 T ermination in a π -calculus with Subtyping Lemma 9 Suppose Γ ` P : w, Γ ( x ) = T , Γ ( v ) = T 0 and T 0 ≤ T . Then M Γ ( P ) ≥ mul M Γ ( P [ v / x ]) . Proof F ollo ws from Lemma 6, and by definition of M Γ ( · ) .  Lemma 10 If Γ ` P : w and P ≡ Q, then Γ ` Q : w 0 for some w 0 and M Γ ( P ) = M Γ ( Q ) . W e are now able to deri ve the essential property of M Γ ( · ) : Lemma 11 If Γ ` P : w and P − → P 0 , then M Γ ( P ) > mul M Γ ( P 0 ) . Theorem 12 (Soundness) If Γ ` P : w, then P terminates. Proof Suppose that P div erges, i.e., there is an infinite sequence ( P i ) i ∈ N , where P i − → P i + 1 , P = P 0 . According to Theorem 7 e v ery P i is typable. Using Lemma 11 we have M Γ ( P i ) > mul M Γ ( P i + 1 ) for all i , which yields a contradiction.  Remark 13 ( ` a la Curry vs ` a la Church) Our system is presented ` a la Curry . Existing systems for ter- mination [5, 4] ar e ` a la Chur ch, while the usual pr esentations of i/o-types [11] ar e ` a la Curry . The latter style of pr esentation is better suited to addr ess type infer ence (see Section 4). This has however some technical consequences in our proofs. Most importantly , the measur e on pr ocesses (Definition 8) would be simpler when working ` a la Chur ch, because we could avoid to consider all possible derivations of a given judgement. W e are not awar e of Chur ch-style pr esentations of i/o-types. 3 Expr essiveness of our T ype System For the purpose of the discussions in this section, we work in a polyadic calculus. The extension of our type system to handle polyadicity is rather standard, and brings no particular dif ficulty . 3.1 A More Flexible Handling of Le vels Our system is strictly more expressiv e than the original one by Deng and Sangiorgi [5], as expressed by the two follo wing observ ations (Lemma 14 and Example 15): Lemma 14 Any pr ocess typable accor ding to the first type system of [5] is typable in our system. Proof The presentation of [5] differs slightly from ours. The first system presented in that paper can be recast in our setting by working with the # capability only (thus disallowing subtyping), and requiring type ] k T for a in the first premise of the rules for output, finite input and replicated input. W e write Γ ` D P : w for the resulting judgement. W e establish that Γ ` D P : w implies Γ ` P : w by induction ov er the deriv ation of Γ ` D P : w .  W e now present an example showing that the flexibility brought by subtyping can be useful to ease programming. W e view replicated processes as servers, or functions. Our example shows that it is possible in our system to inv oke a server by passing names having different le vels, provided some form of coherence (as expressed by the subtyping relation) is guaranteed. This form of “polymorphism on le vels” is not a vailable in pre vious type systems for termination in the π -calculus. Example 15 (Lev el-polymorphism) Consider the following definitions (in addition to polyadicity , we accommodate the first-or der type of natural numbers, with corr esponding primitive operations): F 1 = ! f 1 ( n , r ) . r h n ∗ n i F 2 = ! f 2 ( m , r ) . ( ν ν ν s )  f 1 h m + 1 , s i | s ( x ) . r h x + 1 i  Q = ! g ( p , x , r ) . ( ν ν ν s )  p h x , s i | s ( y ) . p h y , r i  I. Cristescu, D. Hirschkof f 51 F 1 is a server , running at f 1 , that returns the squar e of a inte ger on a continuation channel r (which is its second ar gument). F 2 is a server that computes similarly ( m + 1 ) 2 + 1 , by making a call to F 1 to compute ( m + 1 ) 2 . Both F 1 and F 2 can be viewed as implementations of functions of type int -> int . Q is a “higher-or der server”: its first ar gument p is the address of a server acting as a function of type int -> int , and Q r eturns the r esult of calling twice the function located at p on its ar gument (pr ocess Q thus somehow acts like Chur ch numer al 2 ). Let us now examine how we can typec heck the pr ocess F 1 | F 2 | Q | g h f 1 , 4 , t 1 i | g h f 2 , 5 , t 2 i . F 2 contains a call to f 1 under a r eplicated input on f 2 , which forces lvl ( f 2 ) > lvl ( f 1 ) . In the type systems of [5], this pr events us fr om typing the pr ocesses above, since f 1 and f 2 should have the same type (and hence in particular the same level), both being used as ar gument in the outputs on g. W e can type this pr ocess in our setting, thanks to subtyping, for instance by assigning the following types: g : o k g ( o k 2 T , U , V ) , f 2 : ] k 2 T , f 1 : ] k 1 T , with k 1 < k 2 . It can be sho wn that this example cannot be typed using any of the systems of [5]. It can ho we ver be phrased (and hence recognised as terminating) in the “purely functional π -calculus” of [4], that is, using a semantics-based approach — see also Section 3.3. It should ho we ver not be difficult to present a v ariation on it that forces one to rely on lev els-based type systems. 3.2 Encoding the Simply-T yped λ -calculus W e now push further the in vestigation of the ability to analyse terminating functional behaviour in the π -calculus using our type system, and study an encoding of the λ -calculus in the π -calculus. W e focus on the following parallel call-by-value encoding, but we believe that the analogue of the results we present here also holds for other encodings. A λ -term M is encoded as [ [ M ] ] p , where p is a name which acts as a parameter in the encoding. The encoding is defined as follo ws: [ [ λ x . M ] ] p d e f = ( ν ν ν y ) ( ! y ( x , q ) . [ [ M ] ] q | p h y i ) [ [ x ] ] p d e f = p h x i [ [ M N ] ] p d e f = ( ν ν ν q , r )  [ [ M ] ] q | [ [ N ] ] r | q ( f ) . r ( z ) . f h z , p i  W e can make the follo wing remarks: • A simply-typed λ -term is encoded into a simply-typed process (see [13]). T ypability for termina- tion comes into play in the translation of λ -abstractions. • The tar get of this encoding is L π , the localised π -calculus in which only the output capability is transmitted (see also Section 4.1). [3] pro vides a counterexample to typability of this encoding for the first type system of [5] (the proof of this result also entails that typability according to the other , more expressiv e, type systems due to Deng and Sangiorgi also f ails to hold). Let us analyse this example: Example 16 (From [3]) The λ -term M 1 d e f = f ( λ x . ( f u ( u v )) can be typed in the simply typed λ - calculus, in a typing context containing the hypotheses f : ( σ − → τ ) − → τ − → τ , v : σ , u : σ − → τ . 52 T ermination in a π -calculus with Subtyping Computing [ [ M 1 ] ] p yields the pr ocess: ( ν ν ν q , r ) ( ν ν ν y )  r h y i | ! y ( x , q 0 ) . ( ν ν ν q 1 , r 1 , q 2 , r 2 , q 3 , r 3 )  q 2 h f i | r 2 h u i | q 2 ( f 2 ) . r 2 ( z 2 ) . f 2 h z 2 , q 1 i [ [ f u ] ] q 1 | q 3 h u i | r 3 h v i | q 3 ( f 3 ) . r 3 ( z 3 ) . f 3 h z 3 , r 1 i [ [ u v ] ] r 1 | q 1 ( f 1 ) . r 1 ( z 1 ) . f 1 h z 1 , q 0 i        [ [ λ x . ( f u ( u v ))] ] r | q h f i | q ( f 0 ) . r ( z ) . f 0 h z , p i If we try and type this term using the first type system of [5], we can r eason as follows: 1. By looking at the line corresponding to [ [ f u ] ] q 1 , we deduce that the types of f and f 2 ar e unified, and similarly for z 2 and u. 2. Similarly , the ne xt line ( [ [ u v ] ] r 1 ) implies that the types of f 3 and u ar e unified. 3. The last line above entails that the types assigned to f and f 0 must be unified, and the same for the types of z and y (because of the output r h y i ). If we write ] k h T 1 , T 2 i for the type (simple) assigned to f , we have by r emark 1 that u has type T 1 , and the same holds for y by r emark 3. In or der to typecheck the r eplicated term, we must have lvl ( y ) > lvl ( f 3 ) = lvl ( u ) by r emark 2, which is impossible since y and u have the same type . While [ [ M 1 ] ] p cannot be typed using the appr oac h of [5], it can be using the system of Section 2. Indeed, in that setting y and u need not have the same levels, so that we can satisfy the constraint lvl ( y ) > lvl ( u ) . The last line above generates an output f h y , p i , which can be typed dir ectly , without use of subtyping. T o typecheck the output f h u , q 1 i , we “promote” the level of u to the level of y thanks to subtyping, whic h is possible because only the output capability on u is transmitted along f . It ho wever appears that our system is not able to typecheck the image of ST λ , as the follo wing (new) counterexample sho ws: Example 17 W e first look at the following rather simple π -calculus pr ocess: ( ν ν ν u )  ! u ( x ) . x | ( ν ν ν v ) ( ! v . u h t i | u h v i )  . This pr ocess is not typable in our type system, although it terminates. Indeed, we can assign a type of the form ] k o n U to u, and ] m U to v. T ype-checking the subterm ! v . u h t i imposes k < m, and type-checking ! u ( x ) . x imposes k > n. F inally , type-chec king u h v i gives m ≤ n, which leads to an inconsistency . W e can somehow ‘expand’ this pr ocess into the encoding of a λ -term: consider indeed M 2 d e f =  λ u . ( ( λ v . ( u v )) ( λ y . ( u t )))  ( λ x . ( x a )) . W e do not pr esent the (r ather comple x) pr ocess corr esponding to [ [ M 2 ] ] p . W e instead r emark that ther e is a sequence of r eductions starting fr om [ [ M 2 ] ] p and leading to ! y 1 ( u , q 1 ) .  ! y 3 ( v , q 4 ) . u h v , q 4 i | ! y 5 ( y , q 5 ) . u h t , q 5 i | y 3 h y 5 , q 1 i  | ! y 2 ( x , q 2 ) . x h a , q 2 i | y 1 h y 2 , p i . These first reduction steps correspond to ‘administrative r eductions’ (which have no counterpart in the original λ -calculus term). W e can now perform some communications that corr espond to β -reductions, and obtain a pr ocess which contains a subterm of the form u h v , p i | ! v ( y , q 5 ) . u h t , q 5 i | ! u ( x , q 2 ) . x h a , q 2 i . Some c hannel names appear in boldface in order to str ess the similarity with the pr ocess seen above: for the same reasons, this term cannot be typed. By subject r eduction (Theor em 7), a typable term can only r educe to a typable term. This allows us to conclude that [ [ M 2 ] ] p is not typable in our system. I. Cristescu, D. Hirschkof f 53 Γ , x : T • − ` P : w k ≥ w Γ • f : o k T ` ! f ( x ) . P : 0 Γ , f : o k T ` a : o n U Γ , f : o k T ` v : U Γ • f : o k T ` a h v i : n Γ ` c : i n T Γ , x : T , f : o k U • − ` P : w n > w Γ • f : o k U ` c ( x ) . P : 0 Γ ` c : i n T Γ , x : T , f : o k U • − ` P : w n > w Γ • f : o k U ` ! c ( x ) . P : 0 Γ • f : o k T ` P 1 Γ • f : o k T ` P 2 Γ • f : o k T ` P 1 | P 2 Γ , g : o k T • f : o n U ` P : w Γ • g : o k T ` ( ν ν ν f ) P : w Γ , c : ] n T • f : o k U ` P : w Γ • f : o k U ` ( ν ν ν c ) P : w Figure 3: T yping Rules for an Impure Calculus 3.3 Subtyping and Functional Names In order to handle functional computation as expressed by ST λ , we e xtend the system of Section 2 along the lines of [4]. The idea is to classify names into functional and imperative names. Intuiti vely , functional names arise through the encoding of ST λ . For termination, these are dealt with using an appropriate method — the ‘semantics-based’ approaches discussed in Section 1, and introduced in [15, 12]. For imperati ve names, we resort to (an adaptation of) the rules of Section 2. Our type system is ` a la Curry , and the kind of a name, functional or imperative, is fix ed along the construction of a typing deriv ation. T yping en vironments are of the form Γ • f : o k T — the intuition is that we isolate a particular name, f . f is the name which can be used to build replicated inputs where f is treated as a functional name. The typing rules are gi ven on Figure 3. There are two rules to typecheck a restricted process, according to whether we want to treat the restricted name as functional (in which case the isolated name changes) or imperati ve (in which case the typing hypothesis is added to the Γ part of the typing en vironment). The typing rules of Figure 3 rely on i/o-capabilities and the isolated name to enforce the usage of functional names as expressed in [12]. In [4], a specific syntactical construct is instead used: we manipulate processes of the form def f = ( x ) P 1 in P 2 (that can be read as ( ν ν ν f ) ( ! f ( x ) . P 1 | P 2 ) ), where f does not occur in P 1 and occurs in output position only in P 2 . Let us analyse ho w our system imposes these constraints. In the rule for restriction on a functional name, the name g , that occurs in ‘isolated position’ in the conclusion of the rule, is added in the ‘non isolated’ part of the typing en vironment in the premise, with a type allo wing one to use it in output only . In the rules for input on an imperati ve name (replicated or not), the typing en vironment is of the form Γ • − in the premise where we typecheck the continuation process: this has to be understood as Γ • d : o k T , for some dummy name d that is not used in the process being typed. W e write ‘ − ’ to stress the fact that we disallo w the construction of replicated inputs on functional names. The functional name f appears in the aforementioned premise in the ‘non isolated’ part of the typing environment, with only the output rights on it. Forbidding the creation of replicated inputs on functional names under input 54 T ermination in a π -calculus with Subtyping prefixes is necessary because of di ver ging terms like the follo wing ( c is imperati ve, f is functional): c ( x ) . ! f ( y ) . x h y i | c h f i | f h v i . Note also that typing non replicated inputs (on imperativ e names) in volves the same constraints as for replicated inputs, like in [4]: the relaxed control ov er functional names requires indeed to be more restricti ve on all usages of imperati ve names. The notation Γ • − is also used in the rule to type a replicated input on a functional name, and we can notice that in this case f cannot be used at all in the premise, to avoid recursion. In addition to the gain in expressi veness brought by subtyping, we can make the follo wing remark: Remark 18 (Expressi veness) As in [4], our system allows one to typec heck the encoding of a ST λ term, by tr eating all names as functional, and assigning them level 0 . Mor eover , our type system makes it possible to typec heck pr ocesses wher e several r eplicated inputs on the same functional name coe xist, pr ovided the y occur ‘at the same level’ in the term. F or instance, a term of the form ( ν ν ν f ) ( ! f ( x ) . P | ! f ( y ) . Q | R ) can be well-typed with f acting as a functional name . This is not possible using the def construct of [4]. Another form of expressi veness brought by our system is gi ven by typability of the follo wing process: ! u ( x ) . x | ! v . u h t i | u h v i | c ( y ) . u h c i . Here, name c must be imperativ e while name v must be functional, and both are emitted on u . This is impossible in [4], where ev ery channel carries either a functional or an imperati ve name. In our setting, only the output capability on c is transmitted along u , so in a sense c is transmitted ‘as a functional name’. Because of the particular handling of restrictions on functional names, the analogue of Lemma 5 does not hold for this type system: typability is not preserv ed by structural congruence. Accordingly , the subject reduction property is stated in the follo wing way: Theorem 19 (Subject r eduction) If Γ • f : o k T ` P : w and P − → P 0 , then ther e e xist Q and w 0 ≤ w s.t. P 0 ≡ Q and Γ • f : o k T ` Q : w 0 . Theorem 20 (Soundness) If Γ • f : o k T ` P : w, then P terminates. Proof (sketch). The proof has the same structure as the corresponding proof in [4]. An important aspect of that proof is that we exploit the termination property for the calculus where all names are functional without looking into it. T o handle the imperati ve part, we must adapt the proof along the lines of the termination argument for Theorem 12. 4 T ype Inference W e now study type inference, that is, giv en a process P , the e xistence of Γ , w such that Γ ` P : w . There might a priori be sev eral such Γ (and se veral w : see Lemma 3). T ype inference for le vel-based systems has been studied in [2], in absence of i/o-types. W e first present a type inference procedure in a special case of our type system, and then discuss this question in the general case. 4.1 T ype Inference f or T ermination in the Localised π -calculus In this section, we concentrate on the localised π -calculus , L π , which is defined by imposing that chan- nels transmit only the output capability on names: a process like a ( x ) . x ( y ) . 0 0 0 does not belong to L π , as it makes use of the input capability on x . From the point of view of implementations, the restriction to L π I. Cristescu, D. Hirschkof f 55 makes sense. For instance, the language JoCaml [10] implements a variant of the π -calculus that follows this approach: one can only use a receiv ed name in output. Similarly , the communication primitiv es in Erlang [9] can also be viewed as obeying to the discipline of L π : asynchronous messages can be sent to a PiD (process id), and one cannot create dynamically a receiving agent at that PiD: the code for the recei ver starts running as soon as the PiD is allocated. T echnically , L π is introduced by allo wing the transmission of o-types only . W e write Γ ` L π P : w if Γ ` P : w can be deriv ed in such a way that in the deriv ation, whenev er a type of the form η k η 0 k 0 T occurs, we ha ve η 0 = o (types of the form i k T and ] k T appear only when typechecking input prefixes and restrictions). Obviously , typability for ` L π entails typability for ` , hence termination. It can also be remarked that in restricting to L π , we keep an important aspect of the flexibility brought by our system. In particular, the examples we hav e discussed in Section 3 — Example 15, and the encoding of the λ -calculus — belong to L π . W e no w describe a type inference procedure for ` L π . For lack of space, we do not provide all details and proofs. W e first check typability when levels are not taken into account. For this, we rely on a type inference algorithm for simple types [14], together with a simple syntactical check to verify that no receiv ed name is used in input. When this first step succeeds, we replace ] T types with o T types appropriately in the outcome of the procedure for simple types (a type variable may be assigned to some names, as, e.g., to name x in process a ( x ) . b h x i ). What remains to be done is to find out whether types can be decorated with lev els in order to ensure termination. As mentioned above, we suppose w .l.o.g. that we have a term P in which all bound names are pairwise distinct, and distinct from all free names. W e define the following sets of names: • names ( P ) stands for the set of all names, free and bound, of P ; • bn ( P ) is the set of names that appear bound (either by restriction or by input) in P ; • rcv ( P ) is the set of names that are bound by an input prefix in P ( x ∈ rcv ( P ) iff P has a subterm of the form a ( x ) . Q or ! a ( x ) . Q for some a , Q ); • res ( P ) stands for the set of names that are restricted in P ( a ∈ res ( P ) iff P has a subterm of the form ( ν ν ν a ) Q for some Q ). W e hav e bn ( P ) = rcv ( P ) ] res ( P ) (where ] stands for disjoint union), and names ( P ) = bn ( P ) ] fn ( P ) . Moreov er , for any x ∈ rcv ( P ) , there exists a unique a ∈ fn ( P ) ∪ res ( P ) such that P contains the prefix a ( x ) or the prefix ! a ( x ) : we write in this case a = father ( x ) ( a ∈ fn ( P ) ∪ res ( P ) , because we are in L π ). W e build a graph as follo ws: • For ev ery name n ∈ fn ( P ) ∪ res ( P ) , create a node labelled by n , and create a node labelled by son ( n ) . Intuitiv ely , if n has type ] k S of o k S , son ( n ) has type S . In case type inference for simple types returns a type of the form α , where α is a type variable, for n , we just create the node n . • For e very x ∈ rcv ( P ) , let a = father ( x ) , add x as a label to son ( a ) . Example 21 W e associate to the pr ocess P = a ( x ) . ( ν ν ν b ) x h b i | ! a ( y ) . ( c h y i | d ( z ) . y h z i ) the following set of 8 nodes with their labels: { a } , { son ( a ) , x , y } , { b } , { son ( b ) } , { c } , { son ( c ) , y } , { d } , { son ( d ) , z } . The next step is to insert edges in our graph, to represent the constraints between le vels. • For e very output of the form n h m i , we insert an edge labelled with “ ≥ ” from son ( n ) to m . • For every subterm of P of the form ! a ( x ) . Q , and for ev ery output of the form n h m i that occurs in Q without occurring under a replication in Q , we insert an edge a > − → n . 56 T ermination in a π -calculus with Subtyping Example 22 The graph associated to pr ocess ! c ( z ) . b h z i | a h c i | a h b i has nodes { a } , { son ( a ) } , { b } , { son ( b ) } , { c } , { son ( c ) , z } , and can be depicted as follows: a b c < o o son ( a ) ≥ : : t t t t t t t t t t ≥ 4 4 i i i i i i i i i i i i i i i i i i i i i i son ( b ) ≥ / / { son ( c ) , z } The last phase of the type inference procedure consists in looking for an assignment of levels on the graph: this is possible as long as there are no cycles in volving at least one > − → edge in the graph. At the beginning, all nodes of the graph are unlabelled; we shall label them using natural numbers. 1. W e go through all nodes of the graph, and collect those that hav e no outgoing edge leading to an unlabelled node in a set S . 2. If S is not empty , we label every node n in S as follows: we start by setting n ’ s label to 0. W e then examine all outgoing edges of n . For every n ≥ − → m , we replace n ’ s label, say k , with max ( k , k 0 ) , where k 0 is m ’ s label, and similarly for n > − → m edges, with max ( k , k 0 + 1 ) . W e then empty S , and start again at step 1. 3. If S = / 0, then either all nodes of the graph are labelled, in which case the procedure terminates, or the graph contains at least one oriented cycle. If this cycle contains at least one > − → edge, the procedure stops and reports failure. Otherwise, the cycle in volves only ≥ − → edges: we compute the le vel of each node of the cycle along the lines of step 2 (not taking into account nodes of the c ycle among outgoing edges), and then assign the maximum of these labels to all nodes in the cycle. W e start again at step 1. This procedure terminates, since each time we go back to step 1, strictly more nodes are labelled. Example 23 On the graph of Example 22, the pr ocedur e first assigns level 0 to nodes a , b and { son ( c ) , z } . In the second iteration, S = { son ( b ) , c } ; le vel 0 is assigned to son ( b ) , and 1 to c. F inally , level 1 is assigned to son ( a ) . This yields the typing b : o 0 o 0 T , c : ] 1 o 0 T , a : o 0 o 1 o 0 T for the pr ocess of Example 22. As announced above, for lack of space we have described only the main steps of our type inference procedure. Establishing that the latter has the desired properties in volves the introduction of an auxiliary typing judgement (that characterises ` L π ), and explaining ho w types are reconstructed at the end of the procedure. This finally leads to the follo wing result: Theorem 24 Ther e is a type infer ence pr ocedur e that given a pr ocess P, r eturns Γ , w s.t. Γ ` L π P : w if f ther e e xists Γ 0 , w 0 s.t. Γ 0 ` L π P : w 0 . 4.2 Discussion: Inferring i/o-T ypes If we consider type inference for the whole system of Section 2, the situation is more complex. W e start by discussing type inference without taking the levels into account. If a process is typable using simple types (that is, with only types of the form ] T ), one is interested in providing a more informative typing deri vation, where input and output capabilities are used. For instance, the process a ( x ) . x h t i can be typed using different assignments for a : i o T , ] o T , i ] T , and ] ] T — if we suppose t : T . Among these, i o T is the most informati ve (intuitiv ely , types featuring I. Cristescu, D. Hirschkof f 57 ‘less #’ seem preferable because they are more precise). Moreov er , it is a supertype of all other types, thus acting as a ‘candidate’ if we were to look for a notion of principal typing. Actually , in order to infer i/o-types, one must be able to compute lubs and glbs of types, using equations like gl b ( i T , i U ) = i gl b ( T , U ) , gl b ( i T , o U ) = ] gl b ( T , U ) , and gl b ( o T , o U ) = o l ub ( T , U ) . The contrav ariance of o suggests the introduction of an additional capability , that we shall note ↑ , which builds a supertype of input and output capabilities (more formally , we add the axioms i T ≤↑ T and o T ≤↑ T ). [7] presents a type inference algorithm for (an enrichment of) i/o-types, where such a capability ↑ is added to the system of [11] (the notations are different, but we adapt them to our setting for the sake of readability). The use of ↑ can be illustrated on the following e xample process: Q 1 d e f = a ( t ) . b ( u ) .  ! t ( z ) . u h z i | c h t i | c h u i  . T o typecheck Q 1 , we can see that the input (resp. output) capability on t (resp. u ) needs to be receiv ed on a (resp. b ), which suggests the types a : i i T , b : i o T . Since t and u are emitted on the same channel c , and because of contrav ariance of output, we compute a supertype of i T and o T , and assign type o ↑ T to c . Operationally , the meaning of ↑ is “no i/o-capability at all” (note that this does not prev ent from comparing names, which may be useful to study beha vioural equi v alences [6]): in the typing we just described, since we only ha ve the input capability on t and the output capability on u , we must renounce to all capabilities, and t and u are sent without the receiver to be able to do anything with the name except passing it along. Observe also that depending on ho w the context uses c , a dif ferent typing can be introduced. For instance, Q 1 can be typed by setting a : i ] T , b : i o T , c : o o T . This typing means that the output capability on u is recei ved, used, and transmitted on c , and both capabilities on t are receiv ed, the input capability being used locally , while the output capability is transmitted on c . The first typing, which inv olves ↑ , is the one that is computed by the procedure of [7]. It is “minimal”, in the terminology of [7]. Depending on the situations, a typing like the second one (or the symmetrical case, where the input capability is transmitted on c ) might be preferable. If we take lev els into account, and try and typecheck Q 1 (which contains a replicated subterm), the typings mentioned above can be adapted as follo ws: we can set a : i 0 ] 1 T , b : i 0 o 0 T , c : o 0 o 1 T , in which case subtyping on lev els is used to deduce u : o 1 T in order to typecheck c h u i . Symmetrically , we can also set a : i 0 i 1 T , b : i 0 ] 0 T , c : o 0 i 0 T , and typecheck c h t i using subsumption to deduce t : i 0 T . It is not clear to us ho w lev els should be handled in relation with the ↑ capability . One could think that since ↑ prev ents any capability to be used on a name, le vels ha ve no use, and one could simply adopt the subtyping axioms i k T ≤↑ T and o k T ≤↑ T . This would indeed allo w us to typecheck Q 1 . Further inv estigations on a system for i/o-types with ↑ and lev els is left for future work, as well as the study of inference for such a system. 5 Concluding Remarks In this paper , we hav e demonstrated how Pierce and Sangiorgi’ s i/o-types can be exploited to refine the analysis of the simplest of type systems for termination of processes presented in [5]. Other , more complex systems are presented in that work, and it would be interesting to study whether they would benefit from the enrichment with capabilities and subtyping. One could also probably refine the system of Section 2 by distinguishing between linear and r eplicated input capabilities , as only the latter must be controlled for termination (if a name is used in linear input only , its le vel is irrele v ant). The question of type inference for our type systems (differently from existing proposals, these are presented ` a la Curry , which is better suited for the study of type inference) can be studied further . It would 58 T ermination in a π -calculus with Subtyping be interesting to analyse ho w the procedure of Section 4.1 could be ported to programming languages that obey the discipline of L π for communication, like Erlang or JoCaml. For the moment, we only hav e preliminary results for a type inference procedure for the system of Section 2, and we w ould like to explore this further . T ype inference for the system of Section 3.3 is a challenging question, essentially because making the distinction between functional and imperativ e names belongs to the inference process (contrarily to the setting of [4], where the syntax of processes contains this information). Acknowledgements. Romain Demangeon, as well as anonymous referees, have provided insightful comments and suggestions on this work. W e also acknowledge support by ANR projects ANR-08- BLANC-0211-01 ”COMPLICE”, ANR-2010-BLANC-0305-02 ”PiCoq” and CNRS PEPS ”COGIP”. Refer ences [1] R. Demangeon (2010): T erminaison des syst ` emes concurr ents . Ph.D. thesis, ENS Lyon. [2] R. Demangeon, D. Hirschkof f, N. K obayashi & D. Sangiorgi (2007): On the Complexity of T ermination Infer ence for Pr ocesses . In: Proc. of TGC’07 , LNCS 4912, Springer, pp. 140–155, doi:10.1007/978-3-540- 78663-4 11. [3] R. Demangeon, D. Hirschkof f & D. Sangior gi (2009): Mobile Pr ocesses and Termination . In: Semantics and Algebraic Specification , LNCS 5700, Springer , pp. 250–273, doi:10.1007/978-3-642-04164-8 13. [4] R. Demangeon, D. Hirschkoff & D. Sangiorgi (2010): T ermination in Impure Concurr ent Languages . In: Proc. of CONCUR’10 , LNCS 6269, Springer , pp. 328–342, doi:10.1007/978-3-642-15375-4 23. [5] Y . Deng & D. Sangiorgi (2006): Ensuring termination by typability . Inf. Comput. 204(7), pp. 1045–1082, doi:10.1016/j.ic.2006.03.002. [6] M. Hennessy & J. Rathke (2004): T yped behaviour al equivalences for pr ocesses in the pr esence of subtyping . Math. Str . in Comp. Sc. 14(5), pp. 651–684, doi:10.1017/S0960129504004281. [7] A. Igarashi & N. Kobayashi (2000): T ype Reconstruction for Linear -Calculus with I/O Subtyping . Inf. Comput. 161(1), pp. 1–44, doi:10.1006/inco.2000.2872. [8] N. Kobayashi & D. Sangiorgi (2010): A hybrid type system for lock-fr eedom of mobile pr ocesses . A CM T rans. Program. Lang. Syst. 32(5), doi:10.1145/1745312.1745313. [9] Ericsson Computer Science Laboratory (2011): Erlang Pr ogramming Language W ebsite . http://www. erlang.org . [10] L. Mandel & L. Maranget (2010): The JoCaml pr ogramming langua ge . http://jocaml.inria.fr/ . [11] B. C. Pierce & D. Sangiorgi (1996): T yping and Subtyping for Mobile Pr ocesses . Math. Structures in Comput. Sci. 6(5), pp. 409–453. [12] D. Sangiorgi (2006): T ermination of Processes . Math. Structures in Comput. Sci 16(1), pp. 1–39, doi:10.1017/S0960129505004810. [13] D. Sangiorgi & D. W alker (2001): The π -calculus: a Theory of Mobile Pr ocesses . Cambridge Univ . Press. [14] V . T . V asconcelos & K. Honda (1993): Principal T yping Schemes in a P olyadic pi-Calculus . In: Proc. of CONCUR’93 , Lecture Notes in Computer Science 715, Springer , pp. 524–538, doi:10.1007/3-540-57208- 2 36. [15] N. Y oshida, M. Berger & K. Honda (2004): Str ong Normalisation in the Pi-Calculus. Information and Computation 191(2), pp. 145–202, doi:10.1016/j.ic.2003.08.004.