Domains and Lambda-calculi

Domains and Lambda-Calculi Roberto M. Amadio LIM, Marseille Pierre-Louis Curien LIENS, Paris November 21, 1996 Cont...

Author: Roberto M. Amadio | Pierre-Louis Curien

68 downloads 1500 Views 4MB Size Report

This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form

DOWNLOAD PDF

Domains and Lambda-Calculi Roberto M. Amadio LIM, Marseille

Pierre-Louis Curien LIENS, Paris

November 21, 1996

Contents Preface Notation 1 Continuity and Computability 1.1 1.2 1.3 1.4 1.5 1.6

Directed Completeness and Algebraicity Dcpo's as Topological Spaces : : : : : : Computability and Continuity : : : : : : Constructions on Dcpo's : : : : : : : : : Toy Denotational Semantics : : : : : : : Continuation Semantics * : : : : : : : :

2 Syntactic Theory of the -calculus 2.1 2.2 2.3 2.4

Untyped -Calculus : : : : : : : : : : : The Labelled -Calculus : : : : : : : : : Syntactic Continuity * : : : : : : : : : : The Syntactic Sequentiality Theorem * :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

5 11 13

14 20 22 23 29 32

35

36 43 51 54

3 D1 Models and Intersection Types 57 3.1 D1 Models : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 57 3.2 Properties of D1 Models : : : : : : : : : : : : : : : : : : : : : : : : : : 63 3.3 Filter Models : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 68 3.4 Some D1 Models as Filter Models : : : : : : : : : : : : : : : : : : : : : 75 3.5 More on Intersection Types * : : : : : : : : : : : : : : : : : : : : : : : : 79

4 Interpretation of -Calculi in CCC's 4.1 4.2 4.3 4.4 4.5 4.6

Simply Typed -Calculus : : : : : : : : : Cartesian Closed Categories : : : : : : : : Interpretation of -Calculi : : : : : : : : : From CCC's to -Theories and back : : : Logical Relations : : : : : : : : : : : : : : Interpretation of the Untyped -Calculus

5 CCC's of Algebraic Dcpo's

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

87

88 92 96 99 103 118

123

5.1 Continuous Dcpo's : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 123 5.2 Binite Domains and L-Domains : : : : : : : : : : : : : : : : : : : : : : 127

1

CONTENTS

2

5.3 Full Sub-CCC's of Acpo * : : : : : : : : : : : : : : : : : : : : : : : : : 134 5.4 Full Sub-CCC's of Adcpo * : : : : : : : : : : : : : : : : : : : : : : : : : 139 5.5 Completeness of Well-Ordered Lub's * : : : : : : : : : : : : : : : : : : : 141

6 The Language PCF 6.1 6.2 6.3 6.4 6.5

The Y -Calculus : : : : : : : : : : : : Fixpoint Induction : : : : : : : : : : : The Programming Language Pcf : : : The Full Abstraction Problem for Pcf Towards Sequentiality : : : : : : : : :

7 Domain Equations 7.1 7.2 7.3 7.4

Domain Equations : : Predicate Equations * Universal Domains : : Representation : : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : : : : : : :

8 Values and Computations 8.1 8.2 8.3 8.4 8.5

Representing Computations as Monads : Call-by-value and Partial Morphisms : : Environment Machines : : : : : : : : : : A FA Model for a Parallel -calculus : : Control Operators and Cps Translation

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

: : : : : : : : : : : : : :

145

145 147 149 153 163

167

168 178 182 186

191

192 199 205 209 215

9 Powerdomains

225

10 Stone Duality

241

9.1 Monads of Powerdomains : : : : : : : : : : : : : : : : : : : : : : : : : : 225 9.2 Ccs : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 229 9.3 Interpretation of Ccs : : : : : : : : : : : : : : : : : : : : : : : : : : : : 235 10.1 10.2 10.3 10.4 10.5 10.6

Topological Spaces and Locales : : : The Duality for Algebraic Dcpo's : : Stone Spaces * : : : : : : : : : : : : Stone Duality for Binite Domains * Scott Domains in Logical Form * : : Binite Domains in Logical Form * :

11 Dependent and Second Order Types 11.1 11.2 11.3 11.4 11.5

Domain-Theoretical Constructions : Dependent and Second Order Types Types as Retractions : : : : : : : : : System LF : : : : : : : : : : : : : : System F : : : : : : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

: : : : : : : : : : :

242 249 254 256 258 265

267

269 278 282 287 291

CONTENTS

3

12 Stability 12.1 12.2 12.3 12.4 12.5 12.6

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

Coherence Spaces : : : : : : : : : : : : : : Categorical Interpretation of Linear Logic Hypercoherences and Strong Stability : : Bistructures * : : : : : : : : : : : : : : : : Chu Spaces and Continuity : : : : : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

: : : : :

Conditionally Multiplicative Functions Stable Functions : : : : : : : : : : : : dI-domains and Event Structures : : : Stable Binite Domains * : : : : : : : Connected glb's * : : : : : : : : : : : : Continuous L-domains * : : : : : : : :

: : : : : :

13 Towards Linear Logic 13.1 13.2 13.3 13.4 13.5

14 Sequentiality 14.1 14.2 14.3 14.4

Sequential Functions : : : : : : : : : Sequential Algorithms : : : : : : : : Algorithms as Strategies : : : : : : : Full Abstraction for Pcf + catch * :

15 Domains and Realizability 15.1 15.2 15.3 15.4 15.5 15.6 15.7

A Universe of Realizable Sets : : : Interpretation of System F : : : : : Interpretation of Type Assignment Partiality and Separation in per : Complete per's : : : : : : : : : : : Per's over D1 : : : : : : : : : : : : Interpretation of Subtyping : : : :

: : : : : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

: : : : : : :

299

300 305 311 318 326 331

335

336 341 351 360 371

379

380 386 396 417

429

432 435 437 442 446 454 461

16 Functions and Processes

465

A Memento of Recursion Theory

495

16.1 -calculus : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 465 16.2 A Concurrent Functional Language : : : : : : : : : : : : : : : : : : : : : 481 A.1 Partial Recursive Functions : : : : : : : : : : : : : : : : : : : : : : : : : 495 A.2 Recursively Enumerable Sets : : : : : : : : : : : : : : : : : : : : : : : : 497 A.3 Rice-Shapiro Theorem : : : : : : : : : : : : : : : : : : : : : : : : : : : : 500

B Memento of Category Theory B.1 B.2 B.3 B.4 B.5 B.6

Basic Denitions : : : : : : : : : : : : Limits : : : : : : : : : : : : : : : : : : Functors and Natural Transformations Universal Morphisms and Adjunctions Adjoints and Limits : : : : : : : : : : Equivalences and Reections : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

: : : : : :

501

502 504 506 509 511 513

4

CONTENTS B.7 Cartesian Closed Categories : : : : : : : : : : : : : : : : : : : : : : : : : 514 B.8 Monads : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 515

Preface Denotational semantics is concerned with the mathematical meaning of programming languages. Programs (procedures, phrases) are to be interpreted in categories with structure (by which we mean sets and functions to start with, and suitable topological spaces and continuous functions to continue with). The main goals of this branch of computer science are, in our belief:

To provide rigorous denitions that abstract away from implementation details, and that can serve as an implementation independent reference. To provide mathematical tools for proving properties of programs: as in logic, semantic models are guides in designing sound proof rules, that can then be used in automated proof-checkers like Lcf.

Historically the rst goal came rst. In the sixties Strachey was writing semantic equations involving recursively dened data types without knowing if they had mathematical solutions. Scott provided the mathematical framework, and advocated its use in a formal proof system called Lcf. Thus denotational semantics has from the beginning been applied to the two goals. In this book we aim to present in an elementary and unied way the theory of certain topological spaces, best presented as order-theoretic structures, that have proved to be useful in the modelling of various families of typed -calculi considered as core programming languages and as meta-languages for denotational semantics. This theory is now known as Domain Theory, and has been founded as a subject by Scott and Plotkin. The notion of continuity used in domain theory nds its origin in recursion theory. Here the works of Platek and Ershov come to mind: in Stanford and NovoSibirsk, independently, they both exploited the continuity properties of recursive functionals to build a theory of higher-order recursive functions. Recursion theory is implicit in the basics of domain theory, but becomes again explicit when eective domains are considered. The topic is indebted to lattice theory and topology for ideas and techniques, however the aims are di erent. We look for theories that can be usefully applied to programming languages (and logic). Therefore a certain number of complications arise that are not usually considered. Just to name a few: 5

6

PREFACE

The topologies we are interested in satisfy only a weak separation axiom (T0). This stands in sharp contrast with classical topology based on T2, or Hausdor spaces, but it relates to the subject of pointless topology Joh82]. In applications it is dicult to justify the existence of a greatest element, hence the theory is developed without assuming the existence of arbitrary lub's, that is we will not work with complete lattices. There are several models of computation, certainly an important distinction is the possibility of computing in parallel or in series, hence the development of various notions of continuous, stable, and sequential morphisms. There is a distinction between an explicitly typed program and its untyped run time representation, hence the connection with realizability interpretations.

One of our main concerns will be to establish links between mathematical structures and more syntactic approaches to semantics, often referred to as operational semantics. The distinction operational vs. denotational is reminiscent of the distinction between \function as extension, or as a graph" (say, of a partial recursive function) and \function as a rule, or as an algorithm" (say, the specication of a Turing machine). The qualities of a denotational semantics can be measured in the way it matches an independently dened operational semantics. Conversely, an operational semantics, like any formal system, can be \blessed" by soundness or even completeness results with respect to some denotational semantics. We shall therefore describe operational semantics as well as denotational semantics. In our experience it is essential to insist on these two complementary views in order to motivate computer scientists to do some mathematics and in order to interest mathematicians in structures that are somehow unfamiliar and far away from the traditional core of mathematics. A description of the contents of each chapter follows. Unless stated otherwise we do not claim any novelty for the material presented here. We highlight this by mentioning some of the papers which were most inuential in the writing of each chapter. Chapter 1 introduces the rst concepts in domain theory and denotational semantics: directed complete partial orders, algebraicity, Scott topology. A basic link between Scott continuity and computability (Myhill-Shepherdson theorem) is established. As an application, the denotational semantics of two simple imperative languages are presented, and are shown to be equivalent to their formal operational semantics Sco72, Plo83]. Chapter 2 introduces the untyped -calculus. We establish several of the fundamental theorems of -calculus using a labelling technique due to Levy. In this way we prove the Church-Rosser property, the standardization theorem, and

PREFACE

7

the nite developments theorem. The same technique also yields the strong normalization property for the simply-typed -calculus. Finally, we show the Syntactic Continuity theorem (a further evidence of the role of continuity in the semantics of programming languages) and the Sequentiality theorem, which motivates the semantic study of sequentiality Lev78, Ber79]. Chapter 3 is a case study of the fundamental domain equation D = D ! D, which provides models of the untyped -calculus. We detail the construction of the D1 models, obtained as suitable limits. The chapter is also a case study of Stone duality: the D1 models can also be constructed out of certain theories of \types", or functional characters Bar84, CDHL82]. Chapter 4 is an introduction to the interpretation of simply-typed and untyped -calculi in categories. In particular we develop the categorical models of simply typed and type free -calculus and illustrate the techniques needed to prove the soundness and completeness of the related interpretations LS86, Sco80] Chapter 5 gives a complete presentation of the problem of classifying the largest cartesian closed categories of algebraic directed complete partial orders and continuous morphisms, which was solved by Jung, following earlier work by Smyth. Two important classes of algebraic cpo's come out of this study: binite domains, and L-domains Jun88, Smy83a]. Chapter 6 presents the language Pcf of Scott-Plotkin-Milner. This is a simply typed -calculus extended with xpoints and arithmetic operators. For this calculus we discuss the full abstraction problem, or the problem of the correspondence between denotational and operational semantics Sco93, Plo77]. Chapter 7 presents the basic apparatus for the solution of domain equations. It also includes material on the construction of universal domains, and on the representation of domains by projections Sco72, SP82, DR93, Sco76, ABL86]. Chapter 8 studies -calculi endowed with a reduction strategy that stops at abstractions. We analyse in particular a call-by-value -calculus and a -calculus with control operators. We introduce the semantic aspects of these calculi via a unifying framework proposed by Moggi and based on the idea of computationas-monad Plo75, Plo85, Mog89, Bou94]. Chapter 9 concentrates on powerdomains constructions (loosely speaking a powerset construction in domain theory) and their applications to the semantics of non-deterministic and concurrent computations. On the denotational side we develop the theory of Plotkin's convex powerdomain. On the syntactic side we introduce a process calculus (Milner's Ccs) and its operational semantics based on the notion of bisimulation. We interpret Ccs using a domain equation which involves the convex powerdomain and relate the denotational semantics to the operational one Plo76, Mil89, Abr91a]. Chapter 10 presents Stone duality (originally the correspondence between Boolean algebras and certain topological spaces), applied to domains. Algebraic domains can be reconstructed from their compact elements, or from the opens of their Scott topology, which can be viewed as observable properties. Elements

8

PREFACE

are then certain kinds of lters of properties. This idea can be exploited to the point of presenting domain theory in logical form, as advocated by Martin-Lof (a program which was carried out systematically by Abramsky) Joh82, ML83, Abr91b]. Chapter 11 introduces the problem of the categorical interpretation of a typed -calculus with dependent and second order types along the lines established in chapter 4. We rst develop some guidelines in a categorical framework, and then we apply them to the specic cases of categories of complete partial orders and Scott domains. Two popular fragments of this typed -calculus are considered in greater detail: the system LF of dependent types, and the system F of polymorphic types Gir86, CGW88, AL87, Gir72, Rey74, HHP93]. Chapter 12 presents another theory of domains based on the notion of stable morphism. Stability was introduced by Berry, as an approximation of the sequential behaviour of -calculus. The denition of a stable function formalizes the property that there is always a minimum part of a given input needed to reach a given nite output. We develop the theory along the lines of chapters 1 and 5: we study stability on meet cpo's, dI-domains and event structures (and coherence spaces), stable binite domains (with an application to the construction of a retraction of all retractions), and continuous L-domains Ber79, Ama91a, Ama95]. Chapter 13 is devoted to linear logic. The simplest framework for stability coherence spaces - led Girard to the discovery of a new resource-sensitive logic. In linear logic, hypotheses, or data are consumed exactly once, and multiple uses (including no use) are re-introduced by explicit connectives. Linear logic has a rich model theory. We present only a few models: the stable model, Ehrhard's hypercoherence model (which is closer to capturing sequential behaviour), and Winskel's bistructures model (which combines the continuous and the stable models). Also continuity can be recast in the light of linear logic, as shown by Lamarche Gir87, Ehr93, Win80]. Chapter 14 addresses the semantic notion of sequentiality, which is aimed at capturing sequential computation, as opposed to inherently parallel computation. We start with Kahn-Plotkin sequential functions, which do not lead to a cartesian closed category. But sequential algorithms, which are pairs (function, computation strategy) yield a model of Pcf. They actually model, and are fully abstract for and extension of Pcf with a control operator catch. Sequential algorithms lend themselves to a game interpretation. On the other hand, a term model of Pcf, from which a fully abstract model of Pcf is obtained by a quotient, can also be described in a syntax-independent way using games. Games semantics therefore appear as a powerful unifying framework, which is largely undeveloped at the time this book is written Cur86, AJ92]. Chapter 15 is an elementary introduction to the ideas of synthetic domain theory via the category of partial equivalence relations (per). The category of per's is a useful tool in semantics we exhibit an interpretation of system F, of a type assignment system, and of a subtyping system. Towards the interpretation

9

PREFACE

of recursion we introduce various reective subcategories of per's. In this context we prove a generalized Myhill-Shepherdson theorem Hyl88, Ros86, FMRS92, Ama91b]. Chapter 16 discusses some connections between the functional and concurrent computational paradigms. As a main tool for this comparison we introduce the basics of -calculus theory, a rather economical extension of Milner's Ccs. We show that this calculus is suciently expressive to adequately encode a call-byvalue -calculus enriched with parallel composition and synchronization operators MPW92, ALT95]. Two appendices provide the basic material on recursion theory and category theory (see Rog67, Soa87] for the former and ML71, BW85, AL91] for the latter). We refer to Bar84, GLT89] for more advanced results on the syntactic aspects of -calculus. Most people never manage to read a scientic book from the beginning to the end. We guess this book will be no exception. In rst approximation a precedence relation among the chapters can be dened as follows. 1 2 3 4 6 8 9 16 4 5 9 10 6 12 13 14 5 7 11 15 Clearly there are plenty of possible shortcuts. When using the book in an introductory graduate course or seminar it is perhaps a good idea to modulate the amount of domain-theoretical constructions which are presented. This book arises out of a joint e ort to develop and integrate lecture notes for graduate courses taught by the authors in the years 1991-1996 in a number of research institutions. A preliminary report of our work had appeared in AC94]. Constructive criticisms and corrections are welcome and can be addressed to [email protected] or [email protected].

10

PREFACE

Notation Set theoretical. empty set natural numbers B two elements set \ union, intersection of two sets S T union, intersection of a family of sets Xc complement of X P (X ) parts of X Pfin (X ) nite subsets of X X n Y X is a nite subset of Y X ?n Y X is a nite and non-empty subset of Y ]X cardinality of X R reexive and transitive closure of R fdigi2I indexed set fxn gn
!

Category theoretical. C D categories Ca b] morphisms from a to b

f g composition of morphisms hf g i pairing of morphisms L a R L left adjoint to R

11

12

NOTATION

Domain theoretical.

(P ) f : (P ) ! (P 0 0) UB (X ) MUB (X ) W VX

X x"y x y " X # X

O

d!e K (D )

preorder (reexive and transitive) f is monotonic if it preserves the preorder upper bounds of X minimal upper bounds (mub's) of X least upper bound (lub) greatest lower bound (glb) elements with an upper bound (compatible elements) immediate predecessor smallest upper, lower set containing X poset f? >g with ? < > step function compact elements

Syntax. BNF V U=x] FV (M ) BT (M ) ! (M )

M~

Backus-Naur form for grammars substitution of U for x in V free variables of M Bohm tree of M syntactic approximant of M vector of terms

Semantics. f e=d] environment update, f e=d](x) =

Recursion Theoretical. fng n # " =

(

e if x = d f (x) otherwise

function computed by the n-th Turing machine convergence, divergence predicate Kleene's equality on partially dened terms

Chapter 1 Continuity and Computability As the computation of a computer program proceeds, some (partial) information is read from the input, and portions of the output are gradually produced. This is true of mathematical reasoning too. Consider the following abstraction of a typical highschool problem for simple equation solving. The student is presented with three numerical gures { the data of the problem (which might themselves be obtained as the results of previous problems). Call tem u v, and w. The problem has two parts. In part 1, the student is required to compute a quantity x, and in the second part, using part 1 as a stepping stone, he is required to compute a quantity y. After some reasoning, the student will have found that, say, x = 3u + 4, and that y = x ; v. Abstracting away from the actual values of u v w x, and y, we can describe the problem in terms of information processing. We consider that the problem consists in computing x and y as a function of u v w, i.e., (x y) = f (u v w). A rst remark is that w is not used (it was probably placed there on purpose to confuse the student...). In particular, if computing w was itself the result of a long, or even diverging, computation, the student would still be able to solve his problem. A second remark is that x depends on u only. Hence, again, if nding v is very painful, the student may still achieve at least part 1 of his problem. Finally, y depends on both u and v. If the actual value of y is needed to get the highest mark, then the student has no escape but to solve the other problem whose output is v. We use the symbol ? to mark the absence of information. All what we have described with English words can be formalised as follows (we assume u v 6= ?): f (? ? ?) = (? ?) f (u ? ?) = (3u + 4 ?) f (u v ?) = (3u + 4 (3u + 4) ; v) : Input and output data may be ordered according to their information contents. Therefore we write: (? ? ?) (u ? ?) (u v ?) (? ?) (3u + 4 ?) (3u + 4 (3u + 4) ; v) : 13

14

CHAPTER 1. CONTINUITY AND COMPUTABILITY

The function f is monotonic with respect to this order, i.e., if (x y z) (x0 y0 z0), then f (x y z) f (x0 y0 z0). We are not concerned here with the order relation between numbers. It is not relevant in the analysis of the student's information processing activity. We are also condent that he or she is good at computing additions and multiplications (he might have a calculator...). Another example involving an open-ended view of computation is o ered by some popular programs running in the background at many academic institutions, which compute larger and larger prime numbers. In this case, larger and larger lists of prime numbers are obtained from scanning larger and larger portions of the (innite) list of natural numbers, and making the appropriate primality checks. The currently produced list of prime numbers is an approximation of the innite sorted list of all prime numbers, which is the ideal total output information. Continuity arises as the formalisation of the slogan: \any nite part of the output can be reached through a nite computation". The primality of an arbitrarily large number can be (in principle) checked in nite time and by scanning a nite portion of the sorted list of natural numbers. Complete partial orders and continuous functions are introduced in section 1.1. The following two sections sketch links with topology and recursion theory. In section 1.2, we show that complete partial orders can be viewed as (quite special) topological spaces. In section 1.3, we indicate where all this came from: a theorem of recursion theory, due to Myhill and Shepherdson, shows that, in a suitable sense, computability implies continuity. In section 1.4, we come back to the order-theoretic treatment, and present basic domain constructions (product, function space, smash product, lifting, and di erent kinds of sums). In section 1.5, we apply the material of the previous sections to give a denotational semantics to a toy imperative language. In section 1.6, we consider a small extension of this language, and we introduce continuation semantics (continuations will be considered again in chapter 8).

1.1 Directed Completeness and Algebraicity After giving the basic denitions concerning directed complete partial orders and continuous functions, we immediately arrive at a simple, but fundamental xpoint theorem, which will be used to give meaning to loops (section 1.5) and to recursive denitions (section 6.1). Denition 1.1.1 (dcpo) Given a partial order (D ), a non-empty subset D is called directed if 8 x y 2

9z 2

x z and y z:

In the sequel, dir D stands for: \ is a directed subset of D" (when clear from the context, the subscript is omitted). A partial order (D ) is called a

1.1. DIRECTED COMPLETENESS AND ALGEBRAICITY

15

directed complete W partial order (dcpo) if every D has a least upper bound (lub), denoted . If moreover (D ) has a least element (written ?), then it is called a complete partial order (cpo). Denition 1.1.2 (monotonic,continuous) Let (D ) and (D0 ) be partial orders. A function f : D ! D0 is called monotonic if 8 x y 2 D x y ) f (x) f (y ): If D and D0 are dcpo's, a function f : D ! D0 is called continuous if it is monotonic and _ _ 8 dir X f ( ) = f ( ): (Notice that a monotonic function maps directed sets to directed sets.) A xpoint of f : D ! D is an element x such that f (x) = x. A prexpoint of f : D ! D is an element x such that f (x) x. If f has a least xpoint, we denote it by x (f ). The most noteworthy example of a directed set is an innite ascending sequence x0 x1 xn . Actually they are the ones that matter. Most of domain theory can be formulated with partial orders that are complete only with respect to ascending chains. Denition 1.1.3 (!-dcpo) A partial order (D ) is called an !-dcpo if every ascending sequence fxngn
Denition 1.1.5 The category Dcpo is the category of directed complete partial orders and continuous functions. The category Cpo is the full subcategory of Dcpo whose objects are the cpo's. Example 1.1.6 1. Given any set X , dene X? = X f?g (where ? 62 X ), and x y , (x = ? or x = y). Cpo's dened in this way are called at. The two elements at domain f? >g is written O. The boolean at domain f? tt g is written T. 2. All partial orders without innite ascending chain are dcpo's (this includes all nite partial orders). 3. X * Y (the set of partial functions between two sets X , Y ), endowed with the following order, is a cpo: f g , (f (x) # ) (g(x) # and f (x) = g(x))) (where f (x) # means \f (x) is dened"), or equivalently graph (f ) graph (g ) (where graph (f ) = f(x y) j f (x) # and f (x) = y g). The least element is the everywhere undened function, and lub's are set-theoretic unions (of graphs).


16

The following proposition is the key to the interpretation of recursively dened programs or commands.

Proposition W1.1.7 (Kleene's xpoint) If D is a cpo and f : D ! D is continuous, then n2! f n (?) is a xpoint of f , and is the least prexpoint of f (hence it is the least xpoint of f ) 1. Proof. From ? f (?), we get by monotonicity that ? f (?) : : : f n (?) : : : is

an increasing chain, thus is directed. By continuity of f , we have

f(

_

n2!

f n (?)) =

_

n2!

f n+1 (?) =

_

n2!

f n (?):

Suppose f (x) x. We show f n (?) x by induction on n. The base case is clear by minimality of ?. Suppose f n(?) x: by monotonicity, f n+1 (?) f (x), and we conclude by transitivity. 2 More assumptions on D make it possible to prove the existence of least xpoints for all monotonic functions.

Exercise 1.1.8 (Tarski's xpoint) Let D be a complete lattice (i.e., D is a partial order in which every subset has a lub). Show that any monotonic function f : D ! D V has a least xpoint, which is fx j f (x) xg, and that the set of xpoints of f is a complete lattice.

An alternative proof of the rst part of Tarski's theorem appeals to a cardinality argument, as suggested in the following exercise.

Exercise 1.1.9 Let D be a complete lattice, W and f : D ! D be a monotonic function.

Set f 0 = ?, f +1 = f f , and f (x) =
(AR1) (d e1) (d e2) 2 R (AR2) (d e) 2 R d1 d e e1

) )

e1 " e2 (d1 e1) 2 R :

Proposition 1.1.19 The approximable relations are exactly the graphs of continuous functions.

Proof. Clearly, the graph of a continuous functions satises (AR1) and (AR2).

Conversely, let R be an approximable relation. We dene f by

f (x) =

_

fe j 9 d x

(d e) 2 Rg:

This denition of graph is a variant of the set-theoretical denition used in example 1.1.6 (3), which is well suited for continuous functions over algebraic cpo's. 2

1.1. DIRECTED COMPLETENESS AND ALGEBRAICITY

19

We show that f is well-dened. We have to check that fe j 9 d x (d e) 2 Rg is directed. Let (d1 e1) (d2 e2) 2 R, with d1 d2 x. By algebraicity there exists a compact d such that d1 d2 d x. Then (d e1) (d e2) 2 R by AR2, and (d e) 2 R for some e e1 e2 by AR1, hence e ts. The proofs that f is monotonic and graph (f ) = R are easy. 2 Next we show how algebraic dcpo's correspond to a completion process, similar to that for obtaining real numbers from rationals.

Denition 1.1.20 (ideal) Given a preorder (P ), an ideal I is a directed, lower subset of P . Write Ide (P ) for the collection of ideals over P , ordered by set-theoretic inclusion. An ideal I is called principal if (9 x 2 P I =# x).

Proposition 1.1.21 (ideal completion) 1. If P is a preorder, then Ide (P ) is

an algebraic dcpo whose compact elements are exactly the principal ideals. 2. If D is an algebraic dcpo, then D and Ide (K(D)) are isomorphic in Dcpo. W Proof. (1) (1) Let be a directed set of ideals. Dene as the set-theoretic union of the ideals in . It is easily checked that this is an ideal, thus it is the lub of in Ide (P ). The directedness of f# x j # x I g follows from Sthe directedness of I . The rest of (1) follows from the following obvious facts: I = f# x j# x I g, and principal ideals are compact. (2) The two inverse functions are x 7! fd 2 K(D) j d xg and I 7! W I . 2

Ideal completion is a universal construction, characterised by an adjunction. (The notion of adjunction is recalled in appendix B.) Proposition 1.1.22 (ideal completion free) Ideal completion is left adjoint to the forgetful functor U : Dcpo ! P, where P is the category of partial orders and monotonic functions, and where U takes a dcpo to the underlying partial order and a continuous function to the underlying monotonic function. Less abstractly, given any partial order X and any dcpo D, any monotonic function f : X ! D extends uniquely to a continuous function f^ : Ide (X ) ! D. Proof. We dene the counity of the adjunction by (x) =# x. Take a monotonic f :X ! D. The unique continuous extension f^ of f to Ide (X ) is dened by W ^ f (I ) = x2I f (x). 2 In a di erent perspective, ideal completion determines an equivalence of categories.

Proposition 1.1.23 The ideal completion and the transformation D 7! K(D) determine an equivalence between Adcpo and the category of partial orders and approximable relations.

20


Proof. First we make sure that partial orders and approximable relations form

a category. Composition is dened as graph composition: R0 R = f(d d00) j 9 d0 (d d0) 2 R and (d0 d00) 2 R0g: We only check that R0 R satises AR1. Let (d d01) 2 R, (d01 d001 ) 2 R0, (d d02) 2 R, and (d02 d002 ) 2 R0. Then (d d0) 2 R for some d0 d01 d02 by AR1 (d0 d001 ) 2 R0 (d0 d002 ) 2 R0 by AR2 0 00 0 00 00 00 (d d ) 2 R for some d d1 d2 by AR1 : The rest of the proposition follows easily from propositions 1.1.21 and 1.1.19. 2 Exercise 1.1.24 Consider the nite partial terms over a signature fg (disjoint union) including a special symbol of arity 0, ordered as follows: s t i ` s t can be established by the following rules: `t

` s1 t1 ` sn tn f (s1 : : : sn ) f (t1 : : : tn)

Show that the ideal completion of this partial order is isomorphic to the set of nite and innite terms as dened in example 1.1.13.

1.2 Dcpo's as Topological Spaces Any partial order (X ) may be endowed with a topology, called Alexandrov topology, whose open sets are the upper subsets of X . It has as basis the sets " x, where x ranges over X . Conversely, with every topological space (X #X ), one may associate a preorder, called specialisation preorder, dened by x y i 8 U 2 #X x 2 U ) y 2 U: A T0 topology is by denition a topology whose associated preorder is a partial order, i.e., if x 6= y, then either there exists an open U such that x 2 U and y 62 U , or there exists an open U such that y 2 U and x 62 U . Classical topology assumes a much stronger separation axiom, known as T2 or Hausdor : if x 6= y, then there exist disjoint opens U and V such that x 2 U and y 2 V . The topological spaces arising from dcpo's are not Hausdor . They are not even T1, where T1 is the following intermediate property: if x 6= y, then there exists an open U such that x 2 U and y 62 U . (Clearly, if T1 holds, then x y ) x = y.) We seek a T0 topology associated with a dcpo in such a way that: the specialisation order is the dcpo order, and order-theoretic continuity coincides with topological continuity. Recall that the opens of a topological space X are in one-to-one correspondence with the continuous functions X ! f? >g, where the only non-trivial open

1.2. DCPO'S AS TOPOLOGICAL SPACES

21

of f? >g is f>g. Precisely, the correspondence associates with an open its characteristic function, and maps any f to f ;1 (>). The specialisation order for this topology on f? >g yields the at cpo O (cf. section 1). So the open sets of a dcpo D must be the sets of the form f ;1 (>), for f continuous from D to O, in the order-theoretical sense. This motivates the following denition.

Denition 1.2.1 (Scott topology) A subset A D of a dcpo D is called Scott

open if: 1. x 2 A and x yW) y 2 A 2. directed and 2 A ) 9x 2 x 2 A: The collection #S (D) of Scott opens (which is clearly a topology) is called Scott topology over D.

Exercise 1.2.2 Show that Ux = fy 2 D j y 6 xg is Scott open.

Lemma 1.2.3 The specialisation order on (D #S ) is (D ). In particular, #S is T0 .

Proof. Call 0 the specialisation order. It is obvious from the denition of Scott

topology that 0. Conversely, let x 0 y and suppose x 6 y, i.e., x 2 Uy (cf. exercise 1.2.2). Then y 2 Uy by denition of 0, contradicting reexivity. 2 Proposition 1.2.4 Let D, E be dcpo's. The continuous functions (in the topological sense) from (D #S ) to (E #E ) are exactly the morphisms in Dcpo. Proof. Let f be #S -continuous. By lemma 1.2.3, f is monotonic (a continuous function is always monotonic to the specialisation order). Suppose W W W with ;respect 1 W f ( ) 6 f ( ), i.e., 2 f (U f () ). Thus f ( ) 2 UW f () for some 2 , since f ;1(UW f ()) is Scott-open. But this contradicts f ( ) W f ( ). The converse is easy and left to the reader. 2 Proposition 1.2.5 (Scott basis) If D is algebraic, then the sets " d, for d compact, form a basis of #S . Proof. The sets " d are Scott-open, by denition of compactness. We have to show that if " d \ " d0 6= , then " d00 " d \ " d0, for some d00, that is, d d0 d00. Let x 2" d \ " d0, that is, d d0 2 fe 2 K(D) j e xg. We nd d00 by directedness. We also have to show that if U is open and x 2 U , then x 2" d U for some d: this trivially follows from the denition of opens and by algebraicity. 2 Exercise 1.2.6 gives a topological justication of ideal completion. Recall that opens of a topological space can be viewed as the morphisms from that space into O. Suppose that we are interested in the dual exercise. We have an abstract topology, consisting a partial order of \opens" with arbitrary lub's and nite

22


greatest lower bounds (glb's) distributing over them. Such a structure is called a frame. (The set of opens of a topological space, ordered by inclusion, is a frame.) Dually to the way of obtaining opens out of points, a way to recover points from (abstract) opens is to take the frame morphisms from A to O (i.e., those that preserve the frame structure), where O is considered as a frame. The construction that takes a topological space to its frame of opens, then to the set of points of this frame, is called soberication. All these notions of abstract topology will be developped in section 10.1.

Exercise 1.2.6 (ideals/points) Let (X ) be a partial order. Show that ideals of X

are in one-to-one correspondence with the points of the Alexandrov topology over X , i.e., the frame homomorphisms from X to O. In other words, ideal completion is an instance of soberication.

1.3 Computability and Continuity We give a recursion-theoretic characterisation of the set (! * !) !e (! * !) of e ectively continuous functions from ! * ! to ! * !. Let fngn
* !) PR ! * !:

We recall theorem A.3.1: if A is a subset of PR such that fx j x recursively enumerable (r.e.), then for any partial recursive f :

2

Ag is

f 2 A i there exists a nite function f such that 2 A: In particular, A is an upper subset.

Theorem 1.3.1 (Myhill-Shepherdson) 1. Let f be a total recursive function

that is extensional, i.e., f (m) = f (n) whenever m = n . Then there is a unique continuous function F : (! * ! ) ! (! * ! ) \extending" f , i.e., such that F (n) = f (n) for all n. Moreover, F is eectively continuous. 2. Conversely, any eectively continuous function F : (! * ! ) ! (! * ! ) maps partial recursive functions to partial recursive functions, and there is a total (extensional) recursive function f such that F (n) = f (n) for all n. Proof. (1) Dene F0 : PR ! PR by F0 (n ) = f (n). The key property of F0 is:

(?) F0(g)(m) # n i F0( )(m) # n for some nite g (g 2 PR): We get this by theorem A.3.1, taking A = fg 2 PR j F0(g)(m) # ng (m, n xed): a procedure in p that terminates when p 2 A is given by:

1.4. CONSTRUCTIONS ON DCPO'S

23

computing f (p) and then computing f (p)(m) and checking f (p)(m) = n: Since F has to extend F0, it extends a fortiori the restriction of F0 to nite functions, thus there is no choice for the denition of F : F (g)(m) # n i F0( )(m) # n for some nite g (g 2 ! * !): (Hereafter always ranges over nite functions.) We show that F is well dened. Suppose that F0( )(m) # n and F0( 0)(m) # n0 for some nite 0 g. By (?), we have F0(g)(m) # n and F0(g)(m) # n0, which forces n = n0. F extends F0 by denition. It is also continuous by denition. We show nally that F is e ectively continuous. A procedure in (encodings of) , 0, which terminates when 0 F ( ) = F0( ), is obtained as a sequence of procedures in , which terminate when F0( )(m) # n, for all m, n such that 0(m) = n. Such procedures can be obtained by prexing the procedure considered above with a (total) procedure taking to an index p such that = p. (2) Conversely, let F be e ectively continuous. We build f as in the statement by a simple application of the s-m-n theorem A.1.5: it is enough to show that (p m) 7! F (p)(m) is partial recursive. This in turn is equivalent to proving that F (p)(m) # n is r.e. in p, m, n. We know from the e ectivity of the continuity of F that the predicate F ( )(m) # n is r.e. in , m, n. Whence the following procedure for p, m, n: try in parallel the successive 's, checking whether p and F ( )(m) # n, and stop when one such has been found. Continuity guarantees that the procedure will succeed if F (p)(m) # n. 2 Exercise 1.3.2 Let F be as in the statement of Myhill-Shepherdson's theorem 1.3.1. Show that the least xpoint of F is in PR. Remark 1.3.3 Forgetting about minimality, exercise 1.3.2 can be reformulated as follows: for any total and extensional recursive function f : ! ! ! , there exists n0 such that f (n0 ) = n0 . This is known as Kleene's recursion theorem. The proof followed here uses the (computable ) continuous) direction of theorem 1.3.1 and the proposition 1.1.7.

1.4 Constructions on Dcpo's In this section we show how to construct new dcpo's out of dcpo's. First we consider the product and function space constructions. Then we consider other basic domain constructions: lifting, smash product and sum. Let D, E be two dcpo's. The product D E of D and E in the category of sets becomes a product in the category of dcpo's (for the categorical notion of product, see appendix B), when endowed with the following componentwise order: (x y) (x0 y0) i x x0 and y y0:


24

Proposition 1.4.1 (dcpo of pairs) If D, E are dcpo's, then D E ordered as

above is a dcpo. The statement also holds, replacing \dcpo" by \cpo". Proof. If is directed in D WE , dene D = fx j 9 y (x y) 2 g, and W symmetrically E . Then ( D E ) is the lub of . If D, E are cpo's, then (? ?) is the minimum of D E . 2

If the dcpo's are algebraic, the product in Dcpo coincides with the product in Top, the category of topological spaces. Exercise 1.4.2 Let D, E be dcpo's, let S be the Scott topology on D E , and let be the product of the Scott topologies on D and E (a basis of is fU V j U V Scott openg). Show S . Show that if D, E are algebraic, then = S . (See exercise 1.3.12 in Bar84] for a situation where 6= S .) In general topology, it is not true that a continuous function of several arguments is continuous as soon as it is continuous in each argument, but this is true for dcpo's. Proposition 1.4.3 (argumentwise continuity) Let D, D0, and E be dcpo's. A function f : D D0 ! E is continuous i for all x 2 D the functions fx : D0 ! E , and for all y 2 D0 the functions fy : D ! E , dened by fx(y) = f (x y) and fy (x) = f (x y ), respectively, are continuous. Proof. Let f : D D0 ! E be continuous, and be a directed subset of D0 . Then (x ) = f(x ) j 2 g is a directed subset of D D0 . Thus _ _ _ _ fx( ) = f ( (x )) = f (x ) = fx( ): Suppose conversely that f is continuous in each argument separately. Let be directed in D D0 . Let D and D be as in the proof of proposition 1.4.1. Then _ _ _ _ _ f ( ) = f ( D D ) = f ( D D ) __ _ = f f ( D ) j 2 D g = f ( D D ) : It remains to show W f ( D D ) = W f ( ). One side is obvious since D D . Conversely, one uses directedness of to check that each element of 2 D D has an upper bound in . 0

0

0

0

0

0

0

0

Next we consider the construction of function spaces. Proposition 1.4.4 (dcpo of functions) Let D, E be dcpo's. The set D !cont E of continuous functions from D to E , endowed with the pointwise ordering dened by f ext f 0 i 8 x f (x) f 0(x) is a dcpo. (We shall omit the subscripts cont and ext until chapter 12.) Moreover, if E is a cpo, then D ! E is a cpo.


25

be a directed set of functions. Dene f (x) = W (x). Let 0 be a directed subset of D. Then _ _ _ 0 __ 0 _ f ( 0) = ( ) = f g( ) j g 2 g = ( 0) __ _ = f ( 0) j 0 2 0g = f ( 0) : For the last part of the statement, notice that the constant function x:? is the minimum of D ! E . 2 Exercise 1.4.5 (x continuous) Show that the xpoint functional x : (D ! D) ! D of proposition 1.1.7 is continuous. The material needed to show that D E and D ! E are categorical product and function spaces are collected in exercises 1.4.6 and 1.4.7. We refer to section 4.2, and in particular to exercises 4.2.11 and 4.2.12, for the full categorical treatment. Exercise 1.4.6 Show the following properties: (1) The projections 1 and 2, dened by 1(x y ) = x and 2(x y ) = y , are continuous. (2) Given continuous functions f : D ! E and g : D ! E 0, the pairing hf gi dened by hf g i(x) = (f (x) g(x)) is Proof. Let

continuous.

Exercise 1.4.7 Show the following properties: (1) The evaluation dened by ev(x y) = x(y) is continuous. (2) Given f : D D0 ! E , show that (f ) : D ! (D0 ! E ) dened by (f )(x)(y ) = f (x y ) is well-dened and continuous.

What is the situation for algebraic dcpo's? Unfortunately, if D, E are algebraic, D ! E may fail to be algebraic. The story seems to begin well, though. The following lemma shows how compact functions can be naturally constructed out of compact input and output elements. Lemma 1.4.8 (step functions) (1) Let D, E be cpo's, d 2 D and e 2 K(E ). Then the step function d ! e, dened as follows, is compact: ( xd (d ! e)(x) = e? ifotherwise : W (2) If D and E are algebraic, then f = fd ! e j (d ! e) f g, for any f . W Proof. (1) If d ! e , then e = (d ! e)(d) Wff (d) j f 2 g. Since e is compact, we get e f (d) for some f , i.e., d ! e f . (2) Notice that fd ! e j (d ! e) f g g i (e f (d) ) e g(d)) for all d e i f g. 2 The trouble is that the sets fg j g f and g compactg are not directed in general (see exercise 1.4.15). They become directed under a further assumption on the domains. The following observation motivates the next denition: if d ! e f , d0 ! e0 f , and d " d0, then also e " e0.

26


Denition 1.4.9 (Scott domain) A dcpo satisfying the following axiom is called bounded complete (some authors say consistently complete):

x " y ) x _ y exists, for any x and y: Bounded complete and algebraic cpo's are often called Scott domains.

Exercise 1.4.10 Show that a dcpo D is bounded complete i any non-empty upper bounded subset of D has a lub i any non-empty subset of D has a glb.

Exercise 1.4.11 Show that an algebraic dcpo is bounded complete i d " d0 ) d _ d0 exists, for any compacts d and d0. Suppose that E is bounded complete then dene, for compatible d ! e and 0 d ! e0: 8 e _ e0 x d and x d0 > > <e x d and x 6 d0 h(x) = > e0 x 6 d and x d0 > :? otherwise : It is easily checked that h is the lub of d ! e and d0 ! e0. Theorem 1.4.12 (Scott CCC) If D is algebraic and E is a Scott domain, then D ! E is a Scott domain. The compact elements of D ! E are exactly the functions of the form (d1 ! e1) _ _ (dn ! en). Proof. Let be the set of lub's of nite non-empty bounded sets of step functions (which always exist by a straightforward extensionWof the above construction W of h). Then f = fd ! e j (d ! e) f g implies f = fg 2 j g f g, which shows that D ! E is algebraic, since fg 2 j g f g is directed by denition, and since is a set of compact elements (cf. exercise 1.1.14). Bounded completeness for compact elements obviously follows from the denition of . 2 The terminology \CCC" is a shorthand for \cartesian closed category" (see appendix B and section 4.2). Remark 1.4.13 The lub's of nite sets of step functions, when they exist, are described by the following formula: _

((d1 ! e1) _ _ (dn ! en))(x) = fei j di xg: Exercise 1.4.14 Show that an algebraic cpo is a lattice (i.e., it has all nite lub's and glb's) i it has all nite lub's (cf. exercise 1.4.10). Show that if D, E are algebraic lattices, then so is D ! E . There are larger full subcategories of algebraic dcpo's and algebraic cpo's that are closed under the function space construction. This will be the subject matter of chapter 5.


27

Exercise 1.4.15 (non-algebraic !) Consider example (A) in gure 5.1 (ahead). Show that D is ! -algebraic and that D ! D is not algebraic. Hints: (1) Show: a ! a b ! b f id ) f_(! ) ! f (a) = a and f (b) = b ) fn = f where

n2!

(

f (d) if d 62 ! or (d = m and m n) f (m + 1) if d = m and m > n : (2) Notice that f = fm entails that f becomes constant, contradicting f fn (d) =

Conclude that the set of approximants of the identity is not directed.

id. (3)

The following constructions play an essential role in the semantics of callby-value, which is addressed in chapter 8, we introduce call-by-value semantics. Most of the proofs are easy and omitted. Denition 1.4.16 (lifting) Let D be a partial order. Its lifting D? is the partial order obtained by adjoining a new element ? (implicitly renaming the ? element of D, if any) below all the elements of D: x y in D? , x = ? or (x y 2 D and x y in D): In particular, the at domains, introduced in example 1.1.6, are liftings of discrete orders. Denition 1.4.17 (partial continuous, strict) Let D, E be dcpo's. 1. A partial function f : D * E is called continuous if the domain of denition dom (f ) of f is Scott open, and if f restricted to dom (f ) is continuous (in the sense of either denition 1.1.1 3 or proposition 1.2.4). 2. If D and E are cpo's, a continuous function f : D ! E is called strict if f (?) = ?. 3. If D, D0, and E are cpo's, a continuous function f : D D0 ! E is called left-strict if 8 x0 2 D0 f (? x0 ) = ? right-strict if 8 x 2 D f (x ?) = ?: Given two dcpo's D E , the following sets are in bijective correspondence (in fact, they are order-isomorphic): 1: the set of partial continuous functions from D to E 2: the set of continuous functions from D to E? 3: the set of strict continuous functions from D? to E? : The transformations (all denoted as f 7! f^) are: W

W

W

More precisely: if f ( ) +, then f ( ) = ff ( ) j 2 and f ( ) +g (notice that since dom (f ) is open, the right hand set is non-empty). 3


28

(

f (x) + (1) to (2): f^(x) = f?(x) ifotherwise : (2) to (1): f^ is the restriction of f to fx j f (x) 6= ?g (notice that this set is open, cf. exercise 1.2.2). ( f (x) if x 6= ? ^ (2) to (3): f (x) = ? if x = ? : (3) to (2): f^ is the restriction of f to D. The following proposition characterises this relationship in a more abstract manner. We dene the image of a functor F : C ! C0 as the subcategory of C0 whose objects are (the objects isomorphic to) Fa for some a 2 Ob C, and whose arrows are the morphisms Ff for some morphism f of C. Proposition 1.4.18 (lifting as adjunction) 1. The lifting of a dcpo is a cpo. Lifting is right adjoint to the inclusion functor from Dcpo to the category Pdcpo of dcpo's and partial continuous functions. 2. The lifting functor is faithful, and its image is the category Scpo of cpo's and strict continuous functions. 3. Lifting is left adjoint to the inclusion functor from Scpo to Cpo. Proof. We only show how (3) follows from (1) and (2) by categorical \abstract nonsense". Suppose that we have an adjunction F a G, with F : C ! C0 and G : C0 ! C, Then call C1 the image of G, and C2 the full subcategory of C whose objects are those of C1 . There are inclusion functors Inc 1 : C1 ! C2 and Inc 2 : C2 ! C. It is easy to see that F Inc 2 a Inc1 G. If moreover G is faithful, and faithful on objects (i.e., if Ga0 = Gb0 implies a0 = b0), then G : C0 ! C1 is actually an isomorphism of categories, so that, composing with G=G;1 , the adjunction becomes G F Inc 2 a Inc1 G G;1 = Inc1 : If we take C = Dcpo, C0 = Pdcpo, and the inclusion and lifting functors as F and G, respectively, we obtain (3). 2 Remark 1.4.19 The two adjunctions have actually nothing to do specically with continuity, and can be reformulated in categories of partial orders and (partial) monotonic functions (see section 8.2). Denition 1.4.20 (smash product) Let D and E be two cpo's. Their smash product is the subset D E of D E dened by D E = f(x y) j (x 6= ? and y 6= ?) or (x = ? and y = ?)g and ordered by the induced pointwise ordering.

1.5. TOY DENOTATIONAL SEMANTICS

29

Smash products enjoy a universal property. Proposition 1.4.21 1. The smash product of two cpo's D D0 is a cpo, and the function : D D0 ! D D0 dened as follows is continuous: ( (x x0) if (x x0) 2 D E 0 (x x ) = (? ?) otherwise : 2. The function is universal in the following sense: for any E and any continuous function f : D D0 ! E that is both left-strict and right-strict, there exists a unique strict continuous function f^ : D D0 ! E such that f^ = f . Several notions of sums have been used to give meaning to sum types. Denition 1.4.22 (coalesced, separated sum) Let D E be two cpo's. Their coalesced sum D + E is dened as follows:

D + E = f(1 x) j x 2 Dnf?gg f(2 y) j y 2 E nf?gg f?g: The separated sum of D and E is dened as D? + E?. Thus, in a colesced sum, the two ?'s are identied, while in the separated sum, a new ? element is created and acts as a switch, because any two elements above ? are either incompatible or come from the same component D or E . None of these two sum constructors yields a categorical coproduct in Cpo. The situation is di erent in Dcpo. Exercise 1.4.23 Let D and E be two dcpo's. Show that their disjoint union, ordered in the obvious way, is a categorical coproduct in Dcpo.

1.5 Toy Denotational Semantics Let us illustrate the use of domains with a denotational semantics for a simple imperative language Imp, whose set of commands is given by the following syntax: Commands c ::= a j skip j c c j if b then c else c j while b do c where b and a range over two unspecied sets Bexp and Act of boolean expressions and of actions, respectively. The set of commands is written Com. We dene the meaning of the commands of this language, rst by means of rules, second by means of mathematical objects: sets and functions with structure. Thus we specify their operational and denotational semantics, respectively, as discussed in the preface. In Imp, these two semantics agree. We shall see later that it is dicult to achieve this goal in general (see section 6.4). With the unspecied syntactic domains Bexp and Act we associate unspecied denotation functions ] : Bexp ! (! ! B) and ] : Act ! (! ! !), where !


30 a] = 0 ha i ! 0

hskip i !

hc0 i ! 0 hc1 0i ! 00 hc0 c1 i ! 00

.

b] = hc1 i ! 0 hif b then c0 else c1 i ! 0 b] = tt hc i ! 0 hwhile b do c 0i ! 00 hwhile b do c i ! 00

b] = tt hc0 i ! 0 hif b then c0 else c1 i ! 0 hwhile

b] = b do c i !

Figure 1.1: The operational semantics of Imp is an unspecied set of states (for example an environment assigning values to identiers), and B = ftt g is the set of truth values. The operational semantics of Imp is given by the formal system described in gure 1.1. In this gure, there are so-called judgments of the form hc i ! 0, which should be read as: \starting with state , the command c terminates and its e ect is to transform the state into the state 0". A proof, or derivation, of such a judgment is a tree, all of whose nodes are instances of the inference rules. The rules show that Imp has no side e ects. The evaluation of expressions does not change the state. Lemma 1.5.1 (while rec) Set w = while b do c. Then w if b then (c w) else skip where is dened by: c0 c1 i 8 0 hc0 i ! 0 , hc1 i ! 0. Proof. By a simple case analysis on the last rule employed to show hc i ! 0, where c stands for w and for if b then c w else skip , respectively. 2 Exercise 1.5.2 The following is a specied version of Bexp and Act (the actions are assignment commands, therefore we introduce a syntactic category Aexp of arithmetical expressions): Bexp b ::= tt j j e = e j e e j :b j b ^ b j b _ b Aexp e ::= i j X j e + e j e ; e j e e Act a ::= (X := e) where i ranges over the set ! of natural numbers, and X ranges over a set Loc of locations. The set is dened by = Loc ! ! . (1) Complete the description of the operational semantics, by rules like: hb i ! tt h:b i ! hX i ! (X )

1.5. TOY DENOTATIONAL SEMANTICS

31

(2) Prove that the evaluation of expressions is deterministic: he i ! m

and he i ! n ) m = n (similarly for Bexp)

(hint: use structural induction, that is, induction on the size of expressions). (3) Prove that the evaluation of commands is deterministic: hc i ! 0

and hc i ! 00 ) 0 = 00

(hint: use induction on the size of derivations). (3) Prove 6 9 0 hwhile tt do c i ! 0. (hint: reason by contradiction, with a minimal derivation).

The denotational semantics of Imp is given by a function ] : Com ! (! * !) i.e., a function that associates with every command a partially dened function from states to states. This function extends the predened ] : Act ! (! ! !). The semantics employs the partial functions type ! * !, because loops may cause non-termination, like in while tt do skip . The meaning of skip and command sequencing are given by the identity and by function composition, respectively. The meaning of conditionals is dened by cases. In other words, the meanings of these three constructs is an obvious rephrasing of the operational semantics: skip] = c0 c1] = (c1] (c0] ) tt if b then c0 else c1] = cc0]] ifif bb]] = = : 1

The denotational meaning of while is a xpoint construction suggested by lemma 1.5.1. The full denition of ] by structural induction is given in gure 1.2.

Theorem 1.5.3 (op/den equivalence) The following equivalence holds, for any c, , 0: hc i ! 0 , c] = 0.

Proof hint. ()): This is easily proved by induction on derivations.

((): This is proved by structural induction, and in the while case, by mathematical induction. Let while b do c] = 0, i.e., x (%)() = 0, where % = :cond h b] h c] skipii: Then since graph (x (%)) = Sn0 graph (%n(?)), we have ( 0) 2 graph (%n(?)) for some n. Hence it is enough to prove 8 n (%n (?)( ) # ) hwhile b do c i ! %n (?)( ))


32

skip] c0 c1] if b then c0 else c1] while b do c]

= = = =

id c1] c0] cond h b] h c0] c1] ii x (:cond h b] h c] id ii)

i is the set-theoretical pairing of f and g (cf. exercise 1.4.6). cond : B ( ) ! is the conditional function: cond (tt ( 0)) = , and cond ( ( 0)) = 0. x : ((! * !) ! (! * !)) ! (! * !) is the least xpoint function (cf. proposition 1.1.7).

h

Figure 1.2: The denotational semantics of Imp by induction on n. The base case is obvious, because %0(?) = ? has an empty graph. For the induction step, there are two cases: 1: b] = tt : then %n+1 (?)() = %n (?)(0), where c] = 0 by induction hb i ! tt , hc i ! 0, and hwhile b do c 0i ! %n (?)( 0). Hence, by the denition of the operational semantics: hwhile b do c i ! %n (?)( 0) = %n+1 (?)( ): 2: b] = : then %n+1 (?)() = , and by induction hb i ! . Hence, by the denition of the operational semantics, hwhile b do c i ! = %n+1(?)(). 2

1.6 Continuation Semantics * The language Imp lacks an essential feature of imperative programming: control operators, which allow to break the normal ow of a program. In chapter 8, we shall discuss control operators in the setting of functional programming. Here, we briey present a simple imperative language Imp0 , which is Imp extended with a go to statement. The commands of Imp0 are written using the following syntax:

Commands c ::= a j skip j c c j if b then c else c j goto l j l : c where Bexp is as in Imp, and where l ranges over a set Lab of labels. We impose a further condition: in a command, any occurrence of goto must always be in the scope of a previously declared label: e.g. (l : c) goto l is ruled out. Formally, we dene the

1.6. CONTINUATION SEMANTICS *

33

following simple deductive system, whose judgments have the form L ` c, where L is a (nite) subset of labels:

Là L ` c0 L ` c1 L ` c0 c1 l2L L ` goto l

L ` skip L ` c0 L ` c1 L ` if b then c0 else c1 L flg ` c L`l:c The set Com 0 of the commands of language Imp0 is dened as the set of the commands c such that L ` c for some L. The semantics for Imp0 is more dicult than that of Imp. The inclusion of goto

complicates the task of determining \what to do next". In our rst language, a command acted as a state transformer, and handed its resulting state to the next command. The presence of goto creates a new situation. In a command c0 c1, c0 may jump to a completely di!erent area of the program, so that c1 is possibly not the \next command". Consequently, we can no longer consider an interpretation where c0 produces a state that c1 can start with. An appropriate way of approaching the semantics of goto is by means of continuations. The main idea is that, since possible jumps make future { or continuation { of the program unpredictable, then future must become a parameter of the semantics. This guides us to the denition of the following sets: Cont = * Env = Lab * Cont :

Cont is called the set of command continuations, and Env is called the set of environments , range over Cont, Env, respectively. The semantic function ] 0 for Imp0 has the following type: c] 0 : Env ! (Cont ! Cont ): First, we dene ] 0 on the subset Act of Com 0 , for which the function ] : Act ! ( ! ) is available. Then the denition of ] 0 is extended to Com 0 . The full denition is given in gure 1.3. The tests are interpreted with the predened function ] : Bexp ! ( ! B) of section 1.5.

Exercise 1.6.1 Show that if L ` c, then c] 01 = c] 02 if 1(l) = 2(l) for all l 2 L. Exercise 1.6.2 (while/goto) A while command can be encoded in Imp0. Specically, the eect of (while b do c) can be achieved by (l : if b then (c goto l) else skip). Use this encoding to dene a translation ( )? from Imp to Imp0, and show c] = c? ] 0?id, for every c 2 Com.

We turn to the operational semantics of Imp0. The key idea is to implement continuations by using a stack to store them. (In chapter 8, similar techniques will be used to implement an extension of -calculus with control operators.) The judgments have the form hc S i ! 0, where c is a command, is a partial function from labels to

34

CHAPTER 1. CONTINUITY AND COMPUTABILITY a] 0 skip ] 0 c0 c1] 0 if b then c0 else c1] 0 goto l] 0 l : c] 0

= = = = = =

a]

id c0] 0 c1] 0 cond (b] c0] 0 c1] 0 ) (l) x (0: c] 00=l])

Figure 1.3: The denotational semantics of Imp0 commands such that dom () ` c, S is a stack { or list { of pairs (c ), and 0 are states. It is convenient to use a slightly di!erent syntax for commands c: d ::= a j skip j if b then c else c j goto l j l : c c ::= empty j d c : In other words, sequencing is also treated stackwise, with empty acting as an end marker. The operational semantics is specied as follows: a] = 0 hc S 0i ! 00 hc S i ! 00 h(a c) S i ! 00 h(skip c) S i ! 0 b] = tt h(c0 c) S i ! 0 h(if b then c0 else c1) c S i ! 0

b] = h(c1 c) S i ! 0 h(if b then c0 else c1) c S i ! 0

hc0 c0=l] (c1 ) S i ! 0 h(l : c0 ) c1 S i ! 0

h(l) S i ! 0 h(goto l) c S i ! 0

hc S i ! 0 hempty 0 (c ) S i ! 0

Exercise 1.6.3 (op/den-Imp0) * Show that the operational and denotational semantics of Imp0 agree in the following sense: hc S i ! 0 , c] ] S ] S ] = 0, where

the meanings of syntactic environments and of syntactic continuations S are dened as follows:

] (l) = (l)]] ] (recursive denition, where is a xed parameter) empty ] = id (c ) S ] = c] ] S ] S ] :

In particular, we have hc empty i ! 0 , c] emptyid = 0.

Chapter 2 Syntactic Theory of the -calculus This chapter introduces the untyped -calculus. We establish some of its fundamental theorems, among which we count the syntactic continuity theorem, which o ers another indication of the relevance of Scott continuity (cf. section 1.1 and theorem 1.3.1). The -calculus was introduced around 1930 by Church as part of an investigation in the formal foundations of mathematics and logic. The related formalism of combinatory logic had been introduced some years ealier by Schonnkel, and Curry. While the foundational program was later relativised by such results as Godel's incompleteness theorem, -calculus nevertheless provided one of the concurrent formalisations of partial recursive functions. Logical interest in calculus was resumed by Girard's discovery of the second order -calculus in the early seventies (see chapter 11). In computer science, the interest in -calculus goes back to Landin Lan66] and Reynolds Rey70]. The -notation is also instrumental in MacCarthy's LISP, designed around 1960. These pioneering works have eventually lead to the development of functional programming languages like Scheme or Standard ML. In parallel, Scott and Strachey used -calculus as a metalanguage for the description of the denotational semantics of programming languages. The most comprehensive reference on -calculus is Barendregt's reference book Bar84]. A more introductory textbook has been written by Hindley HS86]. We refer to these books for more historical pointers. In section 2.1, we present the untyped -calculus. The motivation to prove a strong normalisation theorem leads us to the simply typed -calculus, Typed calculi, and extensions of them, will be considered later in the book, particularly in chapters 4, 11, 16. In section 2.2 we present a labelled -calculus which turns out to be a powerful tool for proving many fundamental theorems of the -calculus. One of them is the syntactic continuity theorem. The proof of this theorem is a bit technical, and is the subject of section 2.3. Finally, section 2.4 35

36

CHAPTER 2. SYNTACTIC THEORY OF THE -CALCULUS

motivates the study of sequentiality, which will be undertaken in section 6.5 and chapter 14. Another fundamental theorem of the {calculus is Bohm's theorem. It is stated (but not proved) as theorem 3.2.10.

2.1 Untyped -Calculus We present the -calculus, and its basic computation rule { the -reduction. A proof of the conuence property is sketched, and the notion of standardisation is dened.

Denition 2.1.1 (-calculus) The syntax of the untyped -calculus (-calculus for short) is given by

M ::= x j MM j x:M where x is called a variable, M1 M2 is called an application, and x:M is called an abstraction. The set of all -terms is denoted by &. The following are frequently used abbreviations and terms:

x1 xn :M = x1:( xn :M ) MN1 Nn = ( (MN1) Nn) I = x:x K = xy:x = x:xx S = xyz:(xz)(yz) :

Denition 2.1.2 (head normal form) A term x1 xn:xM1 Mp, where x

may or may not be equal to one of the xi's, is called a head normal form (hnf for short).

Remark 2.1.3 Any -term has exactly one of the following two forms: either it is a hnf, or it is of the form x1 xn:(x:M )M1 Mp (n 0, p 1).

We next introduce occurrences, which provide a notation allowing to manipulate subterms. Another tool for that purpose is the notion of context. Denition 2.1.4 (occurrence) Let M be a term, and u be a word over the alphabet f0 1 2g. The subterm of M at occurrence u, written M=u, is dened as follows: M=u = N M= = M x:M=0u = N

M1=u = N M1M2=1u = N

M2=u = N M1M2=2u = N

2.1. UNTYPED -CALCULUS ]iN1 Nn] xN~ ] (C1C2)N~ ] (x:C )N~ ]

37 = = = =

Ni x C1N~ ]C2N~ ] x:(C N~ ])

Figure 2.1: Filling the holes of a context where is the empty word. The term M=u may well not be dened. If it is dened, we say that u is an occurrence of M . The result of replacing the subterm M=u by another term N is denoted M N=u]. We often write M N=u] just to say that M=u = N . We write: u v (u is a prex of v ) if 9 w (v = uw), and u 6" v (u and v are disjoint) if neither u v nor v u, or equivalently if 6 9 w1 w2 (uw1 = vw2).

Example 2.1.5 (x:xy)=02 = y (x:xy)x=02] = x:xx

Denition 2.1.6 (context) The contexts with numbered holes are dened by the following syntax (where i 2 ! ):

C ::= ]i j x j CC j x:C : If only one hole ]i occurs in a term, we denote it ] for short. In gure 2.1, we dene the operation of lling the holes of a context by a (suciently long) vector of terms. Occurrences and contexts are related as follows. Proposition 2.1.7 (occurrences / contexts) For every term M and every occurrence u of M , there exists a unique context C with a unique hole occcurring exactly once, such that M = C M=u]. Such contexts are called occurrence contexts. Free occurrences of variables are dened in gure 2.2 through a predicate Free (u M ). We dene Bound (u v M ) (u is bound by v in M ) by M=v = x:P u = v0w M=u = x Free (w P ) Bound (u v M )

38


Free ( x) Free (u M ) Free (1u MN )

Free (u N ) Free (2u MN )

Free (u M ) M=u 6= x Free (0u x:M )

Figure 2.2: Free occurrences If we are not interested in the actual occurrences at which variables appear bound or free, we can dene the sets FV (M ) and BV (M ) of free and bound variables of M by FV (M ) = fx j 9 u M=u = x and Free (u M )g BV (M ) = fx j 9 u v M=u = x and Bound (u v M )g : If M is a term and x 62 FV (M ), one often says that x is fresh (relatively to M ). The denition of substitution of a term for a (free) variable raises a diculty (there is a similar diculty for the quantiers in predicate calculus). We expect y:x and z:x to be two di erent notations for the same thing: the constant function with value x. But careless substitution leads to (y:x)y=x] = y:y (z:x)y=x] = z:y : We want z:y, not y:y, as the result. We thus have to avoid the capturing of free variables of the substituted term. This leads to the denition of substitution given in gure 2.3. The choice of z satisfying the side condition in the last clause of gure 2.3 is irrelevant: we manipulate terms up to the following equivalence , called -conversion: () C x:M ] C y:(M y=x])] (y 62 FV (M )) for any context C and any term M . The basic computation rule of -calculus is -reduction. Denition 2.1.8 ( -rule) The -rule is the following relation between -terms: ( ) C (x:M )N ] ! C M N=x]] where C is an occurrence context and M N are arbitrary terms. A term of the form (x:M )N is called a redex. The arrow ! may be given optional subscripts u (to witness the occurrence of the redex being reduced) or (to clarify that the reduction is a -reduction).

2.1. UNTYPED -CALCULUS xN=x] yN=x] (M1M2)N=x] (y:M )N=x]

= = = =

39

N y (y 6= x) (M1N=x])(M2N=x]) z:(M z=y]N=x]) (z 62 FV (M ) FV (N ))

Figure 2.3: Substitution in the -calculus

(x:M )N ! M N=x] M ! M 0 () N ! N 0 M ! M0 ( ) MN ( ) ! M 0N MN ! MN 0 x:M ! x:M 0 Figure 2.4: -reduction In gure 2.4, we give an alternative presentation of -reduction, by means of an axiom and inference rules. Denition 2.1.9 (derivation) We denote by ! (or simply !) the re exive and transitive closure of ! , and use !+ to express that at least one step is performed. The re exive, symmetric, and transitive closure of ! is denoted simply with = . A derivation is a sequence of reduction steps M !u1 M1 !un Mn , written D : M ! Mn , with D = u1 un.

Example 2.1.10 II ! I !

SKK ! I (x:f (xx))(x:f (xx)) ! f ((x:f (xx))(x:f (xx))) :

The last two examples show that there are innite reduction sequences. Moreover, the last example indicates how xpoints can be encoded in the -calculus. If we set Y = f:(x:f (xx))(x:f (xx)) then we have Y f = f (Y f ). Another rule, in addition to , is often considered: ( ) C x:Mx] ! C M ] (x 62 FV (M )):

40


This is an extensionality rule, asserting that every term is a function (if it is read backwards). The -rule is not studied further in this chapter, but will be considered in chapter 4. Remark 2.1.11 Any reduction sequence starting from a head normal form x1 xn:xM1 Mp consists of an interleaving of independent reductions of M1 : : : Mp . By this we mean: ( 1 xn :xN1 Np and (x1 xn:xM1 Mp ! P ) ) 9 N1 : : : Np P8 i=x p Mi ! Ni : We omit most details of the proofs of the next results (see e.g. HS86]). Lemma 2.1.12 1. If M ! M 0, then M N=x] ! M 0 N=x]. 2. If N ! N 0 , then M N=x] ! M N 0 =x]. Lemma 2.1.12 is the key to the proof of the following property, called local conuence. Proposition 2.1.13 (local conuence) The -reduction is locally con uent: if M ! N and M ! P , then N ! Q and P ! Q for some Q. The following is one of the fundamental theorems of the -calculus. Theorem 2.1.14 (Church-Rosser) The -reduction is con uent: If M ! N and M ! P , then N ! Q and P ! Q for some Q. Proof hint. In section 2.2, the theorem will be proved completely as a consequence of a powerful labelling method. Here we sketch an elegant direct proof due to Tait and Martin-Lof. A strongly conuent relation is a relation ) that satises M ) N M ) P implies 9 Q N ) Q and P ) Q: By a straightforward paving argument, the strong conuence of a relation ) implies the conuence of ). Unfortunately, -reduction is not strongly conuent: (x: x x )N ! (x: x x )N 0 ! N 0 N 0 (x: x x )N ! N N !2 N 0 N 0 (by !2, we mean that the reduction from N N to N 0 N 0 takes at least two steps). But parallel reduction, dened in gure 2.5, is strongly conuent. In a parallel reduction, several redexes can be simultaneously reduced in one step. For example, we have N N ) N 0 N 0 . Finally, the conuence of ! easily follows from the following inclusions, which hold by denition of parallel reduction: ! ) !. 2 The following exercise states a negative result due to Klop Klo85].

2.1. UNTYPED -CALCULUS

41

M ) M0 N ) N0 M )M (x:M )N ) M 0N 0=x] M ) M0 M ) M0 N ) N0 MN ) M 0N 0 x:M ) x:M 0 Figure 2.5: Parallel -reduction

Exercise 2.1.15 * Suppose that three constants D F S are added to the -calculus, together with the following new rewriting axiom:

(SP ) D(Fx)(Sx) ! x: Show that conuence fails for +(SP ). Hints CH94]: (1) Consider the following so-called Turing xpoint combinator:

YT = (xy:y ((xx)y )(xy:y ((xx)y): The advantage of this term over Y (cf. example 2.1.10) is that YT f is not only equal to, but reduces to, f (YT f ). Set C = Y (xy:D(F (Ey ))(S (E (xy )))) and B = Y C , where E is a free variable. (2) Notice that B ! A and B ! CA, where A = E (CB). Show that A and CA have no common reduct, by contradiction, taking a common reduct with a minimum number of E 's in head position. Another fundamental theorem of the -calculus is the standardisation theorem. It will fall out from the general technique of section 2.2, but we shall need part of it to develop this technique. As a rst approximation, a reduction from M to N is standard when it does not reduce a redex if there is no need to reduce it. For example (x:y)( ) !2 (x:y)( ) ! y is not standard, because the nal term y of the sequence could have been reached without reducing the redex at occurrence 2 in (x:y)( ), since we have, directly:

(x:y)(

) ! y:

The standardisation theorem asserts that any derivation M ! N can be transformed to a standard derivation from M to N . To formalise the notion of standard reduction, we need to dene the notion of residual, which formalises what a redex in a term M becomes after the reduction of a di erent redex of M .

Denition 2.1.16 (residual) If u, v are redex occurrences in a term M , and if M !u N , then v=u, the set of residuals of v after the reduction of u, is dened


42 by

8 fv g (u 6" v or v < u) > > fuw0w j Bound (u10w0 u1 M )g ((vv = = u2w) > : fuwg

(v = u10w) : The notation is easily extended to V=D, where V stands for a set of redex occurrences, and D for a derivation.

V=u = Sfv=u j v 2 V g V=(uD) = (V=u)=D :

Here is an informal description of v=u. Let M=u = (x:P )Q and M=v = (y:R)S : The second case is obvious: a redex is entirely \consumed" when it is reduced. The rst and the last cases of the denition correspond to the situation where the redex at v \remains in place". { If u 6" v, then N=v = M=v. { If v < u, then M=u is a subterm of R or S , say of R, and N=v has the form (y:R0)S for some R0. { If v = u10w, the occurrence of the redex at v has to be readjusted, and moreover the redex gets instantiated:

P=w = ((x:P )Q)=10w = M=v = (y:R)S N=uw = (P )Q=x]=w = (P=w)Q=x] = (y:RQ=x])S Q=x] :

In the third case, the subterm at occurrence v is a subterm of Q, and gets copied by the substitution which replaces x by Q. In particular the redex (y:R)S may be duplicated if there is more than one free occurrence of x in P . If on the contrary x 62 FV (P ), then v has no residual.

Example 2.1.17 For M = I ((x:(Ix)x)(x:Ix)), we have: 220=2101 = f220g =2 = fg 2=2 = 2101=2 = f21g 220=2 = f212 22g:

Denition 2.1.18 (left) If u, v are redex occurrences of M , we say that u is to the left of v if

u < v or

9 w u0 v 0

(u = w1u0 and v = w2v0)

or equivalently, if the rst symbol of the redex at u is to the left of the rst symbol of the redex at v .

2.2. THE LABELLED -CALCULUS

43

Denition 2.1.19 (standard) A derivation D : M = M0 !u M1 !un Mn 1

is called standard if 8 i j 1 i < j n )6 9 u to the left of ui such that uj 2 u=Dij stnd where Dij : Mi;1 !ui Mi !uj 1 Mj ;1 . We then write M ;! Mn. A special case of standard derivation is the normal derivation, which always derives the leftmost redex. We write M norm ;! N if N is reached from M by the normal derivation. We denote with Val (M ) the abstraction, if any, characterised by M0 = M norm ;! Val (M ) = Mn and 8 i < n Mi is not an abstraction: ;

Example 2.1.20 The derivation (x:y)(

) !2 (x:y)( ) ! y is indeed standard. Set u1 = 2 and u2 = . Then = =2 = =D12, and is to the left of 2 in (x:y )( ). stnd Lemma 2.1.21 If D : M ;! x:N , then D decomposes into stnd M norm ;! Val (M ) ;! x:N: Proof. By induction on the length of D. If M is already an abstraction, then the

statement holds vacuously. If M = xM1 Mp, then all its reducts have the form xN1 Np, hence the statement again holds vacuously. If M = (x:M )M1 Mp, and the rst step in D does not reduce the leftmost redex, then the denition of standard implies that the terms in D all have the form M = (x:P )P1 Pp. Hence the rst step of D must be the rst step of the normal derivation. The conclusion then follows by induction. 2

2.2 The Labelled -Calculus In this section, we introduce simple types, and show that simply typed terms are strongly normalisable. Next we introduce Levy's labelled -calculus, and prove a more general strong normalisation theorem. The following fundamental theorems of the -calculus appear as simple consequences of this general theorem: the conuence of -reduction, the standardisation theorem, the nite developments theorem of the -calculus, the syntactic continuity theorem. In this section and in the following one, we follow Lev78] and Ber79]. Denition 2.2.1 (strongly normalisable) A -term M is called strongly normalisable if there is no innite -derivation starting from M . We denote by SN the set of strongly normalisable expressions. A term which cannot be further reduced is called a normal form.


44

Denition 2.2.2 (size,reduction depth) The size of a term M is dened as follows:

size (x) = 1 size (MN ) = size (M ) + size (N ) + 1 size (x:M ) = size (M ) + 1: If M 2 SN , the maximal length of a derivation starting from M is called the reduction depth of M , and is denoted depth (M ).

Conuence and normalisation are the cornerstones of (typed) -calculus and rewriting theory. They ensure that any term has a unique normal form, which is a good candidate for being considered as the nal result of the computation. The two properties1 imply the decidability of the equality, dened as the reexive, transitive and symmetric closure of !. To decide whether two terms M , N are -equal, reduce M , N to their normal form, and check whether these normal forms coincide (up to -conversion). As a stepping stone for our next results, we show the standardisation theorem for strongly normalisable terms. stnd Lemma 2.2.3 If M 2 SN and M ! N , then M ;! N. Proof. By induction on (depth (M ) size (M )). The only non-trivial case is M = M1M2. stnd stnd If N = N1 N2 and M1 ! N1 , M2 ! N2 , then M1 ;! N1 , M2 ;! N2 by stnd stnd induction, and we have M1M2 ;! N1M2 ;! N1N2. Otherwise, M1 M2 ! (x:N1)N2 ! N1 N2=x] ! N , with M1 ! x:N1 and M2 ! N2. By induction and lemma 2.1.21: stnd M1 norm ;! x:P ;! x:N1:

+ Hence M1M2 norm ;! P M2 =x]. Also, by lemma 2.1.12, P M2 =x] ! N follows from stnd P ! N1, M2 ! N2 and N1N2=x] ! N . Hence, by induction, P M2=x] ;! N . We conclude by observing that prexing a standard derivation with a normal derivation yields a standard derivation. 2

Lemma 2.2.4 The following implication holds: stnd M N=x] ;! y:P )

(

(M ! y:Q and QN=x] ! P ) or M ! M 0 = xM10 Mn0 and M 0N=x] ! y:P :

Proof hint. The statement follows quite easily from lemma 2.1.21.

2

We now engage in an attempt to show that any term M is strongly normalisable. We know by the example ! that this property does not hold Actually, only the existence of an eective way to reduce a term to a normal form is sucient for this purpose. 1


45

for arbitrary terms. But it holds for typed terms (and more generally for labelled terms whose labels are bounded, as we shall see in section 2.2). Types will be introduced right after we discover a failure in our proof attempt. We proceed by induction on size (M ), as in the proof of lemma 2.2.3. We examine all the reduction paths originating from M . The only non-trivial case is M = M1M2. If M1 and M2 never interact, then we conclude by induction on the size. Otherwise, we have M1 ! x:N1, M2 ! N2, and M ! N1N2=x]. By induction, N1, N2 are strongly normalisable. Hence, strong normalisation can be proved from the following property: (SN ) M N 2 SN ) M N=x] 2 SN : Let us see how an attempt to prove (SN ) by induction on (depth (M ) size (M )) fails. The only interesting case is M = M1M2 M1N=x] ! y:P and M2N=x] ! N2 (as above). We want to prove: (1) P N2=y] 2 SN : By induction and lemma 2.2.3, we can apply lemma 2.2.4. We thus consider two cases: (A) M1 ! y:Q and QN=x] ! P : Consider M 0 = QM2=y]. The conclusion P N2=y] 2 SN follows from: { M !+ M 0, hence depth (M 0) < depth (M ), and M 0N=x] 2 SN by induction. 0N=x] = QN=x]M2N=x]=y] ) M { QN=x] ! P and M N=x] ! N ) M 0 N=x] ! P N2=y]. 2

2

(B) M1 ! M 0 = xP1 Pn and M 0N=x] ! y:P : This is where we get stuck. Think of . To get around the diculty, it would be enough to have a new measure for which we could show, in case (B): (2) (N2) < (N ): Then we could carry the whole argument, by induction on ((N ) depth (M ) size (M )): Let us briey revisit the proof atttempt. Case (A) is unchanged, since the induction is applied to M 0N=x], for which the rst component of the ordinal is the same as for M and N . Case (B) is settled by the decreasing of the rst component of the ordinal. The simply typed -calculus o ers such a measure .


46

Denition 2.2.5 (simple types) The simple types are dened by the following syntax:

::= j ! where ranges over a collection K of basic types. The size of a type is dened by

size () = 1 size ( ! ) = size () + size ( ) + 1:

In other words, types are built from a collection of basic types (like natural numbers, or booleans) by a unique constructor, the function space constructor. Next we introduce a syntax of raw typed terms. Denition 2.2.6 (raw typed) The raw simply-typed terms are -terms, all of whose occurrences are labelled by a type. Formally, they are the terms P declared by the following mutually recursive clauses: M ::= x j PP j x:P P ::= M : To a raw typed term P we associate an untyped term by stripping all type superscripts. We denote the resulting term by erase (P ). Denition 2.2.7 (typed) The typed terms, or ! -terms, are the raw typed terms P satisfying the following constraints: 1. All the free occurrences of x in P have the same superscript. 2. If P = (M 1 M 2 ) 3 , then 1 = 2 ! 3. 3. If P = (x:M 1 ) 2 , then 2 = 3 ! 1 for some 3, and all free occurrences of x in M have superscript 3. The typed -reduction is dened by ( !) P (x:M ) ! N =u] !u P M N =x ]=u]:

In this chapter, we consider typed -calculus only in passing, on our way to Levy's labelled -calculus. Our presentation of the simply typed -calculus in denition 2.2.7 is rather ad hoc. A more standard presentation is by means of sequents. Natural deduction and sequent presentations of the simply typed -calculus are discussed in section 4.1. Lemma 2.2.8 (subject reduction) If erase (M ) ! N , then M ! N 0 for some N 0 such that erase (N 0 ) = N .

Theorem 2.2.9 (strong normalisation { simple types) In the simply typed -calculus all terms are !-strongly normalisable.


47

Proof. The argument attempted above now goes through. We prove

(SN !) M N 2 SN ) M N =x ] 2 SN by induction on (size () depth (M ) size (M )). The typed version of the crucial case (B) is: M = M1 ! M2

M1 ! ! M 0 ! = x 1! ! n ! ! P1 1 Pn n M 0 ! N =x ] ! y:P M2 N =x ] ! N2 : with = 1 ! ! n ! 0 ! . Then size (0) < size (). Hence, dening (N ) as the size of the type of N , condition (2) holds. 2 0

0

0

0

0

0

0

0

We now turn to a more general system of labels. Denition 2.2.10 (labels) We dene a calculus of labels by the following syntax: ::= e j j j : where e ranges over an alphabet E of atomic labels (E stands for \etiquette"). We let range over labels. The height of a label l is dened as follows: height (e) = 0 (e 2 E ) height () = height () = height () + 1 height ( ) = maxfheight () height ( )g : Labelled terms are dened in the same way as (raw) typed terms. Denition 2.2.11 (labelled terms) Labelled terms P are dened by the following mutually recursive syntax: M ::= x j PP j x:P P ::= M : We write M = M , and height (M ) = height (). Substitution for labelled terms is dened in gure 2.6. We dene M P=x], where M ranges over labelled terms and P ranges over labelled terms or unlabelled variables (the latter arise from -conversion). As for the typed terms, the erasure of a labelled term is obtained by stripping o the labels. The labelled version Pl of -reduction is dened relatively to a predicate P on labels: (Pl ) P ((x:P ) Q) =u] !u P P Q=x]=u] if P () holds: The label is called the degree of the redex. Unrestricted labelled restriction is dened as the labelled reduction with respect to the full predicate consisiting of all labels.

48

CHAPTER 2. SYNTACTIC THEORY OF THE -CALCULUS x P=x] x z=x] y P=x] (P1 P2) P=x] (y:P ) P=x]

= = = = =

P (P is a labelled term) z y (y 6= x) (P1P=x]P2P=x]) (z:M z=y]P=x]) (z 62 FV (M ) FV (N ))

Figure 2.6: Substitution in the labelled -calculus

Denition 2.2.12 (q-bounded) Let q 2 !. A q-bounded predicate is a predicate P such that (8 P () ) height () q ).

Theorem 2.2.13 (strong normalisation { labels) If P is q-bounded for some

q, then all labelled terms are strongly Pl -normalisable. Proof hint. Similar to the proof of theorem 2.2.9. We prove (SN lP ) P N 2 SN ) P N =x] 2 SN by induction on (q ; height () depth (P ) size (erase (P ))). The labelled version of the crucial case (B) is: P = (P1 P2) P1 ! P 0 = ( (x P1) 1 Pn) n P 0N =x] ! (y:Q1) P2N =x] ! Q2 : Since P N =x] ! ((y:Q1) Q2) ! Q1 Q2=y], property (2) is rephrased here as height () < height ( Q2). A fortiori it is enough to prove height () height ( ) (notice the use of underlining). This will follow from the following claim:

Claim. ( (M P1 )

Pn )n !

(y:Q) ) height ( ) height ( ) We prove the claim by induction on the length of the derivation. The only interesting case is M = x:P . If n = 0, then = . If n > 0, then ( (M P1)1 Pn )n ! ( (1 P P1=x]) Pn )n and we conclude by induction, since height ( ) height (1 P P1=x]). Applying the claim to = and M = N , we get height () height ( ) height ( ). 2 1


49

Now we show how the conuence property and the standardisation theorem (general case) follow from theorem 2.2.13. Lemma 2.2.14 If D : P ! Q and v 2 u=D, then P=u and Q=v have the same degree. Proposition 2.2.15 If P is q-bounded, then Pl - reduction is con uent. Proof. We get local conuence by proving a labelled version of lemma 2.1.12, using lemma 2.2.14. Then we use Newman's lemma (see exercise 2.2.16): Pl is conuent, since it is locally conuent and strongly normalising. 2 Exercise 2.2.16 (Newman) Prove that any locally conuent and strongly normalising system is conuent. Hint: use induction on the depth of the term from which the two derivations originate.

Next we transfer labelled conuence to the unlabelled calculus. We start with a term M , which we label arbitrarily. That is, we construct P such that erase (P ) = M . If M ! M1 and M ! M2 , then, with unrestricted labelled reduction, we get P ! P1 P ! P2 with erase (P1) = M1 erase (P2) = M2: Next we construct a predicate P that ts the situation: P () i is the degree of a redex reduced in P ! P1 or P ! P2 . This predicate is nite, hence bounded. Thus we can complete P1 ! P3, P2 ! P3 by Pl -reduction, by proposition 2.2.15, and we get M1 ! erase (P3) and M2 ! erase (P3 ). This gives an alternative proof of theorem 2.1.14. stnd Theorem 2.2.17 (standardisation) If M ! N , then M ;! N. Proof. By theorem 2.2.13 and (a labelled version of) lemma 2.2.3, using P

dened as follows: P () i is the degree of a redex reduced in M ! N . 2 Corollary 2.2.18 (normal) If M has a normal form N , then M norm ;! N . stnd Proof. By theorem 2.2.17, we have M ;! N . If at some stage the leftmost redex was not reduced, it would have a residual in N : contradiction, since N is a normal form. 2 Next we dene the notion of development, and we prove the nite developments theorem. Denition 2.2.19 (development) A derivation M !u1 M1 !un Mn is relative to a set F of redex occurrences in M if u1 2 F , and ui is a residual of an occurrence in F , for all i > 1. If moreover Mn does not contain any residual of F , then M !u1 M1 !un Mn is called a complete development (or development for short) of M relative to F .

50


Theorem 2.2.20 (nite developments-1) Let M , F be as above. All reductions relative to F terminate, and they terminate on the same term.

Proof. Take P such that erase (P ) = M , and dene P by: P () i is the

degree of a redex of F . The conclusion then follows by lemma 2.2.14.

2

In the following exercises, we propose a stronger version of the nite developments theorem, and we indicate how simple types can be related to labels. Exercise 2.2.21 (nite developments-2) * If M !u N and v is a redex occurrence of N that is not a residual of a redex occurrence in M , we say that v is created by u. (1) Let , be the degrees of the redexes u in M and v in N . Show height ( ) > height (), (2) Show that if D : M ! N and D0 : M ! N are two developments of M relative to F , then G=D = G=D0 for any derivation G originating from M . Hints: There are three cases of redex creation: (xy:M )N1N2 (u = 1 v = ) I (x:M )N (u = 1 v = ) (x:C xN ])(x:M ) (u = v = any occurrence of ]) :

Overlining is crucial in the proof of (1). Choose the initial labelling of M such that the degrees of F are distinct letters of E .

Exercise 2.2.22 * Derive theorem 2.2.9 as a corollary of theorem 2.2.13. Hints: Take

as E the nite collection of the types of the subterms of M (the term we start from). Dene # from labels to types by ) = ( ! ) #() = ( ! ) #() = #( ) #( ) = #(#( ) = #() = #( ) = #() Dene P () as #() #. For P whose labels all satisfy P , dene #(P ) as the term obtained by applying # to all labels. Say that P is well-behaved if all its labels satisfy P and if #(P ) is well typed. Show that any Pl -reduct Q of a well-behaved term P is well- behaved, and that #(P ) ! -reduces to #(Q).

There exist many other proofs of nite developments, of conuence, and of standardisation. In exercise 2.2.23, we propose a particularly simple recent proof of nite developments due to Van Raamsdonk vR96]. In exercises 2.2.24 and 2.2.25, we propose proofs of conuence and of standardisation based on nite developments. Exercise 2.2.23 Consider the set of underlined -terms, dened by the following syntax:

M ::= x j MM j x:M j (x:M )M:

Consider the least set F D of underlined terms containing the variables, closed under abstraction and application, and such that, for all underlined M N :

(M N=x] 2 F D and N 2 F D) ) (x:M )N 2 F D:

2.3. SYNTACTIC CONTINUITY *

51

Show that F D is the set of all underlined terms, and exploit this to show the nite developments theorem. Hint: nite developments amount to the strong normalisation of underlined -reduction (x:M )N ! M N=x].

Exercise 2.2.24 Show conuence as a consequence of nite developments. Hint: con-

sider any development as a new notion of one step reduction.

Exercise 2.2.25 Show the standardisation theorem as a consequence of the nite developments theorem, by the following technique, which goes back to Curry. Let D : M0 !u0 M1 !u1 M1 ! Mn be the reduction sequence to standardise. Take a left-

most (cf. denition 2.1.18) occurrence u in the set of redex occurrences of M that have a residual reduced in D. Let M !u M01 , and build the reduction sequence M01 ! Mj1 = Mj+1 where each step is a nite development of u=ui, where (because u is leftmost) Mi !u M1i , and where u = uj . Continue the construction, applying it to the sequence D1 : M01 ! Mj 1 ! Mj +2 ! Mn , which is shorter than D.

2.3 Syntactic Continuity *

Recall that a head normal form is a term of the form x1 xn :xM1 Mp . We dene an algebraic (or symbolic) semantics for the -calculus. We interpret the (nite) terms as (potentially) innite terms. For this purpose, we need to introduce partial terms (cf. exercise 1.1.24) to allow for a description of nite approximations. Denition 2.3.1 (Bohm trees) The set N is dened by

A1 2 N

N

Ap 2 N

2N x1 xn :xA1 Ap 2 N is a subset of the set of partial -terms, also called -terms, dened by

M ::= j x j MM j x:M and inherits its order, dened by:

M1 M10 M2 M20 M1 M2 M10 M20

M M0 M x:M x:M 0 The elements of the ideal completion (cf. proposition 1.1.21) N 1 of N are called Bohm trees. For any -term M , we dene ! (M ) 2 N , called immediate aproximation of M , as follows:

!(M ) =

(

if M = x1 xn :(x:M )M1 Mp x1 xn:x!(M1) ! (Mp ) if M = x1 xn :xM1 Mp

where p 1 is assumed in the rst case. The function ! is extended to -terms by setting ! (x1 xn :M1 Mp ) = .

Lemma 2.3.2 If M ! N , then !(M ) !(N ).

52


Proof. By induction on the size of M . If M = x1 xn :xM1 Mp , then the

reduction occurs in one of the Mi 's, and induction can be applied. Denition 2.3.3 For any -term M we dene BT (M ) = Wf!(N ) j M BT (M ) is called the Bohm tree of M .

2

!

N g.

By lemma 2.3.2 and by conuence, f! (N ) j M ! N g is directed, for xed M , hence Bohm trees are well dened. The immediate approximation ! (M ) can be understood as the current approximation of BT (M ), obtained (roughly) by replacing the redexes with 's. It is sometimes called a partial normal form. If computation proceeds, with M ! N , then ! (N ) may be a better partial normal form of M .

Example 2.3.4 If M 2 SN then BT (M ) is the normal form of M: BT ($$) = : W BT ((x:f (xx))((x:f (xx))) = n0 f n ():

The last example shows that Bohm trees can be innite.

Proposition 2.3.5 If M ! N , then BT (M ) = BT (N ). Proof hint. Use the conuence property.

2

Lemma 2.3.6 If M and N dier only by the replacement of some (disjoint) occur-

rences of subterms of the form x1 xn :M1 Mp by or vice-versa, then BT (M ) = BT (N ). Proof hint. If M , N are as in the statement, then ! (M ) = ! (N ) moreover, if

M ! M 0 , then either !(M 0) = !(N ) or ! (M 0) = ! (N 0) for some N 0 such that N ! N 0. 2 Let M be a -term, and F be a set of redex occurrences in M . Then F determines a context CMF such that M = CMF R~ ], where R~ enumerates fM=u j u 2 F

and (v < u ) v 62 F )g:

Lemma 2.3.7 Let M , F be as above. Then !(CMF ~ ]) = !(M ). Proof. By the denition of ! and by simple induction on the size of M .

2

We say that a derivation M !u1 M1 !un Mn does not touch a set F of redex occurrences in M if none of the ui 's is a residual of an occurrence in F . We write :F Mn . M ;!

:F N , then CMF ~ ] ! CNF=D~ ]. Lemma 2.3.8 If D : M ;!

2.3. SYNTACTIC CONTINUITY *

53

Proof. The one step case implies the multistep case straightforwardly. Let thus

D = u: There are two cases: ~ ] = CMF ~ ]: 9 u1 2 F u1 < u : Then u1 =u = fu1g hence CNF=u ~ ~ ]: 8 u1 2 F (u < u1 or u 6" u1 ) : Then CMF ] !u CNF=u

2

:M N for C M~ ] ;! :F N . When F is the set of all redexes in M~ , we write C M~ ] ;! ~

Lemma 2.3.9 (inside-out) If C M~ ] ! P , then there exist N~ , Q such that :N~ Q and P ! Q ~ C N~ ] ;! M~ ! N where M~ ! N~ has the obvious componentwise meaning.

~ ] is labelled. Let P Proof. Once more, we use labelled reduction. Assume that C M

consist of the degrees of the redexes reduced in C M~ ] ! P . Let N~ be the Pl -normal forms of M~ . By Pl -conuence, we have P ! Q and C N~ ] ! Q, for some Q. Let u be an occurrence of a -redex in N~ . Since the components of N~ are normal, the degree of u, which by lemma 2.2.14 is the degree of all its residuals, does not satisfy P , hence u is not reduced in the derivation C N~ ] ! Q. 2 Informally, the lemma says that reductions can be rst carried out \inside" (in the terms M~ ), and then \outside" only. In this outside phase, the actual nature of the redexes in N~ is irrelevant, as formalised by the next lemma.

:N~ Q, then !(Q) BT (C !(N~ )]). Lemma 2.3.10 If D : C N~ ] ;! Proof. Let F be the family of all the redex occurrences in N~ . By lemma 2.3.8 we

have CC N~ ]F ~ ] ! CQF=D ~ ]. Hence ! (Q) = ! (CQF=D~ ]) BT (CC N~ ]F ~ ]), by lemma 2.3.7 and by denition of Bohm trees. We are left to prove

~ ]) = BT (C ! (N~ )]) BT (CC N~ ]F which follows from lemma 2.3.6.

2

Finally, we can prove the main result of the section: the context operation is continuous. This result is due to Hyland and Wadsworth, independently Wad76, Hyl76]. We follow the proof of L%evy Lev78].

Theorem 2.3.11 (syntactic continuity) For all contexts C , for any M~ and any B 2 N , the following implication holds: B BT (C M~ ]) ) (9 A~ 2 N~ (A~ BT (M~ ) and B BT (C A~ ])):

54


~ ]), then C M~ ] ! P for some P such that B ! (P ). By Proof. If B BT (C M

:N Q, and P lemma 2.3.9, there exist N~ , Q such that M~ ! N~ , C N~ ] ;! have: !(P ) !(Q) by lemma 2:3:2 and !(Q) BT (C !(N~ )]) by lemma 2:3:10 : ~

!

Q. We

Take A~ = ! (N~ ). Then B !(P ) ! (Q) BT (C A~ ]) 2 A~ BT (M~ ) by denition of Bohm trees: Thus, informally, the proof proceeds by organizing the reduction in an inside-out order, and by noticing that the partial information gathered about the Bohm trees of M~ during the inside phase is sucient.

Exercise 2.3.12 (C -cont) Let M , N be -terms such that M N . Show that BT (M ) BT (N ). This allows us to dene C : N 1 ! N 1 , for any context C , by

_ C (A) = fBT (C B]) j B A and B is niteg: Show that C (BT (M )) = BT (C M ]), for any M .

2.4 The Syntactic Sequentiality Theorem * The context operation is not only continuous, but also sequential. The syntactic sequentiality theorem, due to Berry Ber79], which we present in this section, motivates a semantic investigation of sequentiality, which is covered in section 6.5 and chapter 14. Two technical lemmas are needed before we can state the theorem.

Lemma 2.4.1 If M is an -term and M ! M 0, then there exists a mapping y from the set fv1 : : :vn g of occurrences of in M 0 to the set of occurrences of in M such that N ! M 0 (N=v1y)=v1 : : : (N=vny )=vn ], for any N > M . In particular, if M ! M 0 and N > M , then there exists N 0 > M 0 such that N ! N 0.

Lemma 2.4.2 If the normal derivation sequence from M contains only terms of the form M 0 = x1 xn :(x:P 0)M10 Mk0 , then BT (M ) = . Proof. As in corollary 2.2.18. Suppose BT (M ) 6= . Then there exists a derivation

M ! M 00 = x1 xn:yM100 Mk00

and we can suppose that this derivation is standard, by theorem 2.2.17. But the shape of M 00 forces this derivation to be actually normal. 2 The following theorem asserts that the function BT is sequential. A general denition of sequential functions will be given in section 14.1

2.4. THE SYNTACTIC SEQUENTIALITY THEOREM *

55

Theorem 2.4.3 (syntactic sequentiality) The Bohm tree function satises the fol-

lowing property: for any -term M and any u such that BT (M )=u = and BT (P )=u 6= for some P > M , there exists v , depending on M , u only, such that whenever N > M and BT (N )=u 6= , then N=v 6= Proof. By induction on the size of u. Suppose BT (M )=u = , M < N , and

BT (N )=u 6= . We distinguish two cases:

1. BT (M ) 6= . Then

M ! M 0 = x1 xn :yM10 Mk0 and BT (M ) = BT (M 0 ) = x1 xn :y BT (M10 ) BT (Mk0 ) : We observe that any N 0 > M 0 has the form N 0 = x1 xn :yN10 Nk0 , and also that BT (N 0) = x1 xn :y BT (N10 ) BT (Nk0 ). Then u occurs in some BT (Mi0 ), so that we can write BT (M 0)=u = BT (Mi0 )=u0 (= ), for an appropriate proper sux u0 of u. On the other hand, let N > M with BT (N )=u 6= , and let N 0 > M 0 be such that N ! N 0. Then Ni0 > Mi0 and BT (Ni0)=u0 = BT (N 0)=u = BT (N )=u 6= . We can thus apply induction to Mi0 , u0 , and obtain an index v at M 0 , u. It remains to bring this index back to M . This is done thanks to lemma 2.4.1: the index at M , u is v y, in the terminology of this lemma. Indeed, if N > M and N=v y = , then by the lemma: N ! N 0 hence BT (N ) = BT (N 0) 0 0 with N > N and N =v = hence BT (N 0)=u = : Putting this together, we have BT (N )=u = , which shows that v y is a sequen-

tiality index. 2. BT (M ) = . Suppose that the leftmost reduction sequence from M contains only terms of the form M 0 = x1 xn :(x:P 0)M10 Mk0 . Then the normal sequence from N is the sequence described by lemma 2.4.1, whose terms are of the same shape, which entails BT (N ) = by lemma 2.4.2. Hence the leftmost reduction sequence from M contains a term M 0 = x1 xn :M10 Mk0 . The only chance of getting BT (N 0) 6= for an N 0 > M 0 is to increase M 0 in his head , which is therefore a sequentiality index at M 0, u. As above, we use lemma 2.4.1 to bring this index back to M . 2

Exercise 2.4.4 (C -seq) Show, as a corollary of theorem 2.4.3, that the function C dened in exercise 2.3.12 is sequential. (The reader can refer to denition 14.1.8, or guess a denition.)

56


Chapter 3 D1 Models and Intersection Types In this chapter we address the fundamental domain equation D = D ! D which serves to dene models of the -calculus. By \equation", we actually mean that we seek a D together with an order-isomorphism D = D ! D. Taking D = f?g certainly yields a solution, since there is exactly one function f : f?g ! f?g. But we are interested in a non-trivial solution, that is a D of cardinality at least 2, so that not all -terms will be identied! Domain equations will be treated in generality in chapter 7. In section 3.1 we construct Scott's D1 models as order-theoretic limit constructions. In section 3.2 we dene -models, and we discuss some properties of the D1 models. In section 3.3, we present a class of -models based on the idea that the meaning of a term should be the collection of properties it satises in a suitable \logic". In section 3.4 we relate the constructions of sections 3.1 and 3.3, following CDHL82]. Finally in section 3.5 we use intersection types as a tool for the syntactic theory of the -calculus Kri91, RdR93].

3.1

D1

Models

In chapter 1, we have considered products and function spaces as constructions on cpo's. They actually extend to functors (and are categorical products and exponents, as will be shown in chapter 4). Here is the action of ! on pairs of morphisms of Dcpo. Denition 3.1.1 (! functor) Let D D0 E E 0 be dcpo's and f : D0 ! D and g : E ! E 0 be continuous. Then f ! g : (D ! E ) ! (D0 ! E 0) is dened by (f ! g)(h) = g h f: Notice the \reversal" of the direction: f goes from D0 to D, not from D to D0. This is called contravariance (cf. appendix B). 57

58

CHAPTER 3. D1 MODELS AND INTERSECTION TYPES

The association D 7! D ! D is not functorial in Cpo, because it is both contravariant and covariant in D. But it becomes functorial in the category of cpo's and injection-projection pairs.

Denition 3.1.2 (injection-projection pair) An injection-projection pair be-

tween two cpo's D and D0 is a pair (i : D ! D0 j : D0 ! D), written (i j ) : D !ip D0 , such that j i = id and i j id where is the pointwise ordering, cf. proposition 1.4.4. If only j i = id holds, we say that (i j ) is a retraction pair and that D0 is a retract of D. Injectionprojection pairs are composed componentwise:

(i1 j1) (i2 j2) = (i1 i2 j2 j1) and the identity injection-projection pair is (id id ).

Proposition 3.1.3 If (i j ) : D !ip D0 is an injection-projection pair, then i determines j . Moreover, if D is algebraic, then j is dened as follows: _ j (x0) = fy j i(y) x0g: Proof. Suppose that (i j 0) is another pair. Then observe:

j 0 = id j 0 = j i j 0 j id = j:

The second part of the statement follows from the fact that an injection-projection pair isWa fortiori an adjunction, i.e., i(d) x0 i d j (x0). Then Wfd j i(d) x0g = fd j d j (x0)g = j (x0). 2 Proposition 3.1.4 1. For any injection-projection pair (i j ) : D !ip D0, i maps compact elements of D to compact elements of D0 . 2. If D D0 are algebraic dcpo's, a function i : D ! D0 is the injection part of an injection-projection pair (i j ) i i restricted to K(D) is a monotonic injection into K(D0) such that for any nite M K(D), if i(M ) is bounded by d0 in K(D0 ), then M is bounded in K(D) by some d such that i(d) d0 . W 0 Proof. (1) If i(d) , then d = j (i(d)) j (W 0) = W j ( 0) implies d j ( 0) for some 0 2 0. Then i(d) i(j ( 0)) 0. (2) Let (i j ) be an injection-projection pair. By (1), i restricted to K(D) is a monotonic injection into K(D0). Suppose i(M ) d0. Then M = j (i(M )) j (d0). Hence M is bounded in D, from which we deduce M d for some d j (d0), by algebraicity and by niteness of M . Then d ts since i(d) i(j (d0)) d0. Conversely, let i : K(D) ! K(D0) be as in the statement. It extends to a

3.1. D1 MODELS

59

D0 : i(x) = Wfi(d) j d xg: Let j : D0 ! D be _ j (x0) = fd j i(d) x0g: We prove that j is well-dened. We have to check that fd j i(d) x0g is directed. If i(d1) i(d2) x0, then by algebraicity i(d1) i(d2) d0 for some d0 x0, and by the assumption fd1 d2g d with i(d) d0. This d ts since a fortiori i(d) x0. It is easy to check j i = id and i j id . 2 continuous function i : D dened by

!

Remark 3.1.5 If moreover the lub's of bounded subsets exist (cf. exercise 1.4.11), then the statement (2) of proposition 3.1.4 simplies: \if i(M ) is bounded by d0 in K(D0 ), then M is bounded in K(D) by some d in K(D) such that i(d) d0 " can beWreplacedWby: \if i(M ) is bounded in K(D0 ), then M is bounded in K(D) and i( M ) = Wi(M )". Indeed, from i(M )W d0, we deduce as above M = j (i(M )) j (d0), i.e., M j (d0), from which i( M ) i(j (d0)) d0 follows.

The characterisation of injection-projection pairs at the level of compact elements will be rediscussed in chapters 7 and 10. Denition 3.1.6 (D1 ) Let (i j ) : D !ip D0 be an injection-projection pair. We dene (i0 j 0) = (i j ) ! (i j ) : (D ! D) !ip (D !cont D) by i0(f ) = i f j j 0(f 0) = j f 0 i: Given a cpo D, we dene the standard injection-projection pair (i0 j0) : D !ip (D ! D) by i0(x)(y) = x j0(f ) = f (?): The cpo D1 is dened as follows:

D1 = f(x0 : : : xn : : :) j 8 n xn 2 Dn and xn = jn (xn+1)g

where (x0 : : : xn : : :) is an innite tuple, standing for a map from ! to Sn2! Dn , and D0 = D Dn+1 = Dn ! Dn (in+1 jn+1) = (in jn) ! (in jn) so that (in jn ) : Dn !ip Dn+1 for all n. We write xn for the nth component of x 2 D1 . In the description of an element of D1 we can omit the rst components, for example (x1 : : : xn : : :) determines (j0(x1) x1 : : : xn : : :).

Remark 3.1.7 There may be other choices for the initial pair (i0 j0). For exam-

ple the chosen (i0 j0) is just the instance (i? j? ) of the family (id jd ) (d 2 K(D)) dened by id(e) = d ! e (step function) jd(f ) = f (d) : Hence the construction of D1 is parameterised by D and (i0 j0).


60

W ) = Wfx j x 2 The lub's in D1 are dened pointwise: ( n n W nuity of the jn's guarantees that indeed belongs to D1 ).

g

(the conti-

Lemma 3.1.8 The following dene injection-projection pairs from Dn to D1 : in1 (x) = (kn0 (x) : : : knn (x) : : : knm (x) : : :) jn1 (x) = xn where knm : Dn ! Dm is dened by 8 > < jm kn(m+1) (n > m) (n = m) knm = > id : im;1 kn(m;1) (n < m) : We shall freely write x for in1 (x). Under this abuse of notation, we have

x 2 Dn x 2 Dn x 2 Dn+1

m n ) xm xn (xn)m = Wxmin(nm) x = n0 xn : Proof. We check only the second implication and the last equality. x 2 Dn ) in (x) = x : in (x) stands for i(n+1)1 (in (x)), that is, ) ) )

xn = x in (x) = x jn (x) x

(k(n+1)0(in(x)) : : : k(n+1)n(in(x)) in(x) : : : k(n+1)m (in(x)) : : :)

which is (kn0(x) : : : x in(x) : : : knm (x) : : :), that is, x. x = Wn0 xn: By the continuity of jn1 , we have _

(

n 0

xn)p = (

_

np

xn)p =

_

np

(xn)p =

_

np

xp = xp:

2

Remark 3.1.9 As a consequence of x = Wn0 xn, a compact element of D1 must belong to Dn , for some n.

Lemma 3.1.10 The following properties hold: 1: 2:

8 n p x 2 Dn+1 y 2 Dp 8 n p x 2 Dp+1 y 2 Dn

x(yn) = xp+1(y) xn+1(y) = x(yp)n :

Proof. We check only the case p = n + 1.

(1) By denition of in+1, we have in+1(x) = in x jn. Hence, as claimed, we have in+1(x)(y) = in (x(jn(y))) = in (x(yn)) = x(yn): (2) (x(in(y))n = jn(x(in(y))) = jn+1 (x)(y) = xn+1(y). 2

3.1. D1 MODELS

61

Denition 3.1.11 We dene : D1 D1 ! D1 and G : (D1 ! D1 ) ! D1

by

x y = WWn0 xn+1 (yn) G(f ) = n0 Gn (f ) where Gn (f ) 2 Dn+1 is dened by Gn (f )(y ) = f (y )n. It is straightforward to check that these mappings are continuous.

Lemma 3.1.12 The following properties hold: 1 : If x 2 Dn+1 then x y = x(yn ): 2 : If y 2 Dn then (x y)n = xn+1 (y ):

Proof. (1) Using lemma 3.1.10, we have

xy=

_

in

xi+1(yi) =

_

x((yi)n) = x(yn):

in

(2) By continuity of jn1 and by lemma 3.1.10, we have (x y)n =

_

pn

(xp+1(yp))n =

_

pn

xn+1(y) = xn+1(y):

2

Theorem 3.1.13 Let F (x)(y) = x y. The maps F and G are inverse isomor

phisms between D1 and D1 ! D1 .

Proof. G FW= id : Thanks to lemma 3.1.12, we have Gn (F (x)) = xn+1 .

Hence G(F (x)) = n0 xn+1 = x. F G = id : We have to prove G(f ) x = f (x) for any f : D1 ! D1 and x 2 D1 . By continuity, we have G(f ) x = WWn0 Gn (f ) x. Since Gn (f ) x = Gn (f )(xn) by lemma 3.1.12, we have G(f ) x = n0 f (xWn)n . On the other hand W we have f (x) = n0 f (xn) by continuity, hence f (x) = n0pn f (xn)p. Finally, observing that f (xn )p f (xp)p, we have

G(f ) x =

_

n0

f (xn )n =

_

n0pn

f (xn )p = f (x):

2

We have thus obtained a solution to the equation D = D ! D. The heuristics has been to imitate Kleene's xpoint construction, and to build an innite sequence D0 = D : : : H n(D0) : : :, with H (D) = D ! D. In fact it can be formally shown that:


62

D1 is in a suitable sense the least upper bound of the Dn 's, and, as a consequence, D1 is in a suitable sense the least D0 \above" D for which \H (D0 ) D0 " holds, and that moreover \H (D0 ) = D0 " holds. This is fairly general, and will be addressed in chapter 7 (see also exercises 3.1.14, 3.1.15 for an anticipation). Exercise 3.1.14 Show that, for any D0 with a collection of (n1 n1) : Dn !ip D0 such that (8 n (n1 n1 ) = ((n+1)1 (n+1)1) (in jn )), there exists a unique pair ( ) : D1 !ip D0 such that

8n

( ) (in1 jn1 ) = (n1 n1 ):

(Hint: dene (x) = W n (xn), (y )n = n1(y ).) Recover the denition of (F G) : D1 !ip HD1 by taking D0 = HD1 ((n+1)1 (n+1)1) = (n1 n1 ) ! (n1 n1) :

Exercise 3.1.15 Dene an (i0 j0)-H -algebra as a pair of two injection-projection pairs ( ) : D0 !ip D0 and ( ) : HD0 !ip D0 such that

( ) H ( ) (i0 j0) = ( ) where H ( ) = ( ) ! ( ) and dene an (i0 j0)-H -algebra morphism from (( ) ( )) to ((1 1) : D0 !ip D10 (1 1) : HD10 !ip D10 ) as a morphism ( ) : D0 !ip D10 such that

( ) ( ) = (1 1) and ( ) ( ) = (1 1) H ( ): Show that ((i01 j01) (G F )) is an initial (i0 j0 )-H -algebra, that is, it has a unique morphism into each (i0 j0 )-H -algebra.

We end the section with a lemma which will be needed in the proof of lemma 3.4.7(3).

Lemma 3.1.16 For any f 2 Dn+1 we have G(in1 f jn1 ) = f . W

Proof. We have G(in1 f jn1 ) = pn Gp (in1 f jn1 ). Let y 2 Dp . From

Gp(in1 f jn1 )(y) = in1 (f (jn1 (y)))p we get Gp (in1 f jn1 )(y) = f (yn) (with our abuse of notation), hence Gp (in1 f jn1 ) = k(n+1)(p+1)(f ) by lemma 3.1.10, and the conclusion follows. 2

3.2. PROPERTIES OF D1 MODELS

63

3.2 Properties of D1 Models

We have not yet shown with precision why a solution to D = D ! D gives a model of the -calculus. We shall rst give a few denitions: applicative structure, prereexive domain, functional -model, and reexive domain. The D1 models are reexive, as are many other models of the -calculus. A fully general (and more abstract) denition of model will be given in chapter 4. Then we discuss some specic properties of D1 models.

Denition 3.2.1 (pre-reexive) An applicative structure (X ) is a set X

equipped with a binary operation . The set of representable functions X !rep X is the set of functions from X to X dened by

X !rep X = ff 2 X ! X j 9 y 2 X 8 x 2 X f (x) = y xg:

A pre-re exive domain (D F G) is given by a set D, a set D ! D] of functions from D to D, and two functions F : D ! D ! D] and G : D ! D] ! D such that F G = id. The uncurried form of F is written . Hence a pre-re exive domain D is an applicative structure, and D !rep D = F (D) = D ! D]. If moreover D is a partial order and (G F ) forms an injection-projection pair, then (D F G) is called coadditive.

Notice that the conjunction of F G id and G F id is an adjunction situation. In coadditive pre-reexive domains, we thus have

G(f ) x , f F (x) which entails that: G preserves existing lub's (f F (G(f )), g F (G(g )) entail f _ g F (G(f ) _ G(g))). G maps compact elements to compact elements (cf. proposition 3.1.4). The functions F and G can serve to interpret untyped -terms. As in universal algebra and in logic, the meaning of a term is given relative to a so-called environment mapping variables to elements of the model. Thus the meaning of a term is to be written as an element M ] of D, read as: \the meaning of M at ". This motivates the following denition. Denition 3.2.2 (-model) A functional -model (-model for short) is a prere exive domain (D F G) such that the interpretation of -terms given by the equations of gure 3.1 is correctly dened. In these equations, the point is to make sure that d: M ] d=x] 2 D ! D].

64

CHAPTER 3. D1 MODELS AND INTERSECTION TYPES x] = (x) MN ] = F (M ] )(N ] ) x:M ] = G(d: M ] d=x]) Figure 3.1: The semantic equations in a functional -model

Proposition 3.2.3 (soundness) In a -model, the following holds:

if M ! N then M ] = N ] for any : Proof hint. Since F G = id , we have (x:M )N ] = F (G(d: M ] d=x]))(N ] ) = M ] N ] =x] : Then the conclusion follows from the following substitution property, which can be proved by induction on the size of M : M N=x]]] = M ] N ] =x]: 2

We refer to chapter 4 for a more detailed treatment of the validation of (and ). Denition 3.2.4 (reexive) A pre-re exive domain (D F G) is called re exive if D is a cpo and D ! D] = D ! D. Proposition 3.2.5 A re exive domain is a functional -model. Proof. One checks easily by induction on M that d~: M ] d~=~x] is continuous. In particular, d: M ] d=x] 2 D ! D]. 2 The D1 models are reexive. The additional property G F = id which they satisfy amounts to the validation of the -rule (see chapter 4). Remark 3.2.6 It should come as no surprise that the D1 models satisfy as well as , since for we expect a retraction from D1 ! D1 to D1 , while the construction exploits retractions from Dn to Dn ! Dn which are the other way around. We now come back to D1 and prove a result originally due to Park: the xpoint combinator is interpreted by the least xpoint operator in D1 . The proof given here is inspired by recent work of Freyd, and Pitts, about minimal invariants, a notion which will be discussed in section 7.2.


65

Proposition 3.2.7 Let J : (D1 ! D1 ) ! (D1 ! D1) be the function dened by

J (e) = G (e ! id ) F

where ! is used in the sense of denition 3.1.1. The function J has the identity as unique xpoint.1 Proof. Let be a xpoint of J . Considering id as elements of D1 , we shall

prove that, for any n, n = id n , i.e., (for n 1), n = id : Dn;1 ! Dn;1 . The general case (n 2) is handled as follows, using lemma 3.1.12:

n+2 (x)(y) = ( ! id )n+2 (x)(y) = (( ! id )(x))n+1(y) = (x )n+1(y) = (x )(y)n : On the other hand: (x n+1)(y) = x(n+1(y)) = x((y)n) = (x )(y)n: Then we can use induction:

n+2(x)(y) = (x )(y)n = (x n+1)(y) = (x id )(y) = x(y): Hence n+2 (x) = x, and n+2 = id . We leave the base cases n = 0 1 to the reader (hint: establish rst that, in D1 , ? y = ?, and x0(y) = x0 = x(?0)). 2 Remark 3.2.8 1. Proposition 3.2.7 does not depend on the initial choice of D0, but the proof uses the fact that the initial pair (i0 j0) is the standard one (this is hidden in the hint). 2. The functional J may seem a bit ad hoc. A more natural functional would be dened by: (e) = G (e ! e) F . More generally, for a domain equation of the form D = H (D), with a solution given by inverse isomorphisms F : D ! H (D) and G : H (D) ! D, we can set (e) = G H (e) F . But replacing J by in the proof of proposition 3.2.7 fails to work in the base cases n = 0 1. On the other hand, we shall see (proposition 7.1.23) that the functional works well with the initial solution of D = H (D). (Remember that we are not interested in the trivial initial solution f?g of D = D ! D.) A fortiori, the identity is the least xpoint of J . This fact can be used as a tool to prove properties of D1 by induction. We illustrate this with a simple proof (adapted from Pit95]) of Park's result.

Proposition 3.2.9 (Park) Let Y = y:(x:y(xx))(x:y(xx)). then Y ] in D1 is the least xpoint operator (cf. proposition 1.1.7 and exercise 1.4.5).

The subscript J in J comes from the term J = Y (f xy:x(f y)) (see the discussion on the relations between D1 and Bohm trees, later in this section). 1

66


Proof. Let f : D ! D. Let f = x:y (xx)]]f=y ] = G(x 7! f (x x)). We

have to prove f f x (f ) (the other direction follows from soundness, since Y M = M (Y M )). Consider E = fe : D1 ! D1 j e id and e( f ) f x (f )g: By continuity, E is closed under directed lub's also, obviously, ? 2 E . We have to show that id 2 E . By proposition 3.2.7, it is enough to show that if e 2 E , then J (e) 2 E . We have: J (e)( f ) f = G((e ! id )(x 7! f (x x))) f = (e ! id )(x:f (x x))( f ) = f (e( f ) e( f )) f (e( f ) f ) since e id f (x (f )) since e 2 E = x (f ) : 2

D1 models and Bohm trees. The rest of the section is an overview of early independent work of Wadsworth and Hyland, relating D1 models and Bohm trees (cf. denition 2.3.1) Wad76, Hyl76]. They proved that the following are equivalent for any two -terms M and N : 1. M op N , which means (cf. denition 2.1.6) 8 C (C M ] has a head normal form ) C N ] has a head normal form): 2. BT (M ) BT (N ) (the meaning of is sketched below) 3. M ] N ] in D1 (for any choice of D0, but with the standard initial (i0 j0)) The equivalence (1),(3) is called a full-abstraction property (cf. section 6.4). We briey indicate the techniques used to prove these equivalences. (1) ) (2) : This is the hard core of the theorem. It is proved by contradiction, by the so-called Bohm-out technique. Roughly, the technique consists in associating with a subterm P of a term M a context C with the property that C M ] = P . In the proof by contradiction of (1))(2) we use a context associated with an occurrence u where the two Bohm trees di er. If BT (M )=u 6= # and BT (N )=u = #, the associated context witnesses rightaway M 6op N (remember that for a partial -term P , by denition !(P ) = # exactly when P is not a hnf). (As for the case where BT (M )=u 6= # and BT (N ) 6= #, see theorem 3.2.10.) The following example should suggest the contents of . Consider (cf. proposition 3.2.7) I = x:x and J = Y (fxy:x(fy)):


67

It can be proved (as in proposition 3.2.9) that I ] = J ] in D1 . But the Bohm tree of I is just I , while the Bohm tree of J is innite: xz0:x(z1:z0(z2:z1 : : : : These two Bohm trees get equalised through innite -expansion of I : I = xz0:xz0 = xz0x(z1:z0z1) = : : : : (2) ) (3) : This follows from the following approximation theorem: _ M ] = f A] j A BT (M )g: (3) ) (1) : A corollary of the approximation theorem is the adequacy theorem: M ] = ? , M has no head normal form , BT (M ) = #): Therefore M op N can be rephrased as: 8 C (C N ]]] = ?) ) (C M ]]] = ?): This holds, because we have C M ]]] C N ]]], by the compositionality of the interpretation in D1 . The Bohm-out technique was rst used in the proof of Bohm's theorem, which we now state. Theorem 3.2.10 (Bohm) Let M N be -terms which have both a -normal form, and whose -normal forms are distinct. Then any equation P = Q is derivable from the system obtained by adding the axiom M = N to . Proof hint. Given xed M N as in the statement, the proof consists in associating with any pair of terms P Q a context CPQ such that C M ] = P and C N ] = Q. The induction is based on the size of M N . We only describe a few typical situations. First we can assume without loss of generality that M and N have no head 's, since they can be brought to that form by contexts of the form ]x1 : : :xn. Notice that here -interconvertibility is crucial, since in this process, say, x:Nx and N are identied. We now briey discuss examples of the di erents cases that may arise: 1. Base case: M = xM~ and N = yN~ (y 6= x). Then we take C = (xy: ])(~u:P )(~v:Q): 2. M = xM1 and N = xN1N2. We turn this di erence in the number of arguments into a base case di erence, in two steps. First, a context ]y1y2, with y1 y2 distinct, yields xM1y1y2 and xN1N2y1y2. Second, we substitute the term 2 = z1z2z:zz1z2, called applicator, for x. Altogether, we set D = (x: ]y1y2)2, and we have DM ] = y2M1y2 and DN ] = y1N1N2y2 which is a base case situation.

68

CHAPTER 3. D1 MODELS AND INTERSECTION TYPES 3. M = xM1M2, N = xN1N2: Then M 6= N implies, say, N1 6= N2. It is enough to nd D such that DM ] = M2 and DN ] = N2, because then one may conclude by an induction argument. In rst approximation we are inclined to substitute the projection term 2 = z1z2:z2 for x, yielding M22=x] and N22=x]. But we do not want the substitution of 2 in M2 and N2. To avoid this, we proceed in two steps: First we apply the two terms to a fresh variable z and substitute 2 for x, then we substitute 2 for z. Formally, we take D = D2D1], where D1 = (x: ]z)2, and D2 = (z: ])2. Then

DM ] = M22=x] and DN ] = N22=x]: The substitution of 2 turns out to be harmless. We make such substitutions by applicators into a parameter of the induction, together with P Q, so that above we can have by induction a context CPQ 2=x with the property that CPQ 2=xM22=x]] = P and CPQ 2=xN22=x]] = Q: For full details on the proof, we refer to Kri91].

2

In other words, adding M = N leads to inconsistency. To prove the theorem, one may assume that M N are distinct normal forms, and the place where they di er may be \extracted" like above into a context C such that C M ] = xy:x and C N ] = xy:y, from which the theorem follows immediately. As a last remark, we observe that Bohm's theorem gives us already a limited form of \full abstraction".

Corollary 3.2.11 Let M N be -terms which have a -normal form. Then M ] = N ] in D1 i M = N .

Proof. M = N ) M ] = N ] : by soundness.

M ] = N ] ) M = N : if M N have distinct normal forms, then by Bohm's theorem and by soundness P ] = Q] for any P Q in particular x] = y] , which is contradicted by interpreting these terms with a such that (x) 6= (y) (D1 contains at least two elements). 2

3.3 Filter Models In this section we introduce the syntax of intersection types, which leads to the denition of a class of reexive domains. Intersection types provide an extended system of types that allows to type all terms of the -calculus. Therefore the philosophy of these \types", which were originally called functional characters in

3.3. FILTER MODELS

69

CDC80], is quite di erent from the main stream of type theory, where the slogan is: \types ensure correction in the form of strong normalisation" (cf. theorem 2.2.9). Coppo and Dezani's characters, or types, are the simple types (built with ! only, cf. denition 2.2.5), supplemented by two new constructions: binary intersection and a special type !, with the following informal typing rules (see exercise 3.3.14): any term has type ! a term has type ^ i it has both types and : As an illustration, to type a self application of a variable x to itself, we can give to x the type ( ! ) ^ , and we get that xx has type . On the other hand, it can be shown that the application of = x:xx to itself can only be typed by !. In section 3.5, we shall further discuss the use of intersection types in the investigation of normalisation properties. Turning to semantics, functional characters can be used to give meaning to terms, using the following philosophy: characters are seen as properties satised by terms, in particular, the property ! is the property which holds for a term M if and only if, whenever M is applied to a term N satisfying , MN satises . The meaning of a term is then the collection of properties which it satises. Another way to understand the language of intersection types is to see them as a formal language for presenting the compact elements of the domain D which they serve to dene. Recall that the topological presentation of domains (section 1.2) provides us with a collection of properties: the opens of the Scott topology, or more specically the opens in the basis of Scott topology, that is, the sets of the form " d, where d is a compact of D. Hence, in this approach: Types represent compact elements d e of D, the association being bijective, but antimonotonic (observe that d e i " e " d). ! represents the step function (cf. lemma 1.4.8) d ! e : D ! D, which is a (compact) element of D, since it is intended that D = D ! D. ^ represents d _ e, and ! represents ? (intersection types give a lattice: all nite lub's exist). These remarks should motivate the following denition.

Denition 3.3.1 (eats) An extended abstract type structure (eats for short) S

is given by a preorder (S ), called the carrier, whose elements are often called types, which: has all nite glb's, including the empty one, denoted by ! , and is equipped with a binary operation ! satisfying:

70

CHAPTER 3. D1 MODELS AND INTERSECTION TYPES (!1) ( ! 1) ^ ( ! 2) ! (1 ^ 2) 0 0 (!2) ( ! ) (0 ! 0) (!) !!!! .

Remark 3.3.2 1. The structure of a preorder having all nite glb's can be axiomatised as follows:

! ^ ^ ^

1 2 2 3 1 3 0 0 ( ^ ) (0 ^ 0)

2. Inequation (!2) expresses contravariance in the rst argument and covariance in the second argument (cf. dention 3.1.1). 3. Thanks to inequation (!2), the two members of (!1) are actually equivalent.

Lemma 3.3.3 In any eats, the following inequality holds: (1 ! 1) ^ (2 ! 2) (1 ^ 2) ! (1 ^ 2): Proof. The statement is equivalent to

(1 ! 1) ^ (2 ! 2) ((1 ^ 2) ! 1) ^ ((1 ^ 2) ! 2) which holds a fortiori if 1 ! 1 (1 ^ 2) ! 1 and 2 ! 2 (1 ^ 2) ! 2. Both inequalities hold by (!2). 2 A way to obtain an eats is via a theory.

Denition 3.3.4 Let T be the set of types constructed from a non-empty set At

of atoms and from a signature f!0 ^2 !2g (with the arities in superscript). The formulas have the form , for 2 T . A theory consists of a set Th of formulas closed under the rules dening an eats. Thus a theory produces an eats with carrier T . We denote this eats also by Th. For any set ! of formulas, Th (!) denotes the smallest theory containing !. We denote with Th 0 the free theory Th ().

Remark 3.3.5 The assumption At =6 is important: otherwise. everything

collapses, since ! = ! ^ ! = ! ! !, where = is the equivalence associated with the preorder .

Another way to obtain an eats is by means of an applicative structure.

3.3. FILTER MODELS

71

Denition 3.3.6 (ets) Let (D ) be an applicative structure. Consider the fol

lowing operation on subsets of D: A ! B = fd 2 D j 8 e 2 A d e 2 B g: A subset of P (D) is called an extended type structure (ets for short) if it is closed under nite set-theoretic intersections and under the operation ! just dened.

Lemma 3.3.7 An ets, ordered by inclusion, is an eats. We have already observed that the order between types is reversed with respect to the order in the abstract cpo semantics. Accordingly, the role of ideals is played here by lters. Denition 3.3.8 (lter) A lter of an inf-semi-lattice S is a nonempty subset x of S such that 2 x ) ^ 2 x 2 x and ) 2 x : The lter domain of an eats S is the set F (S ) of lters of S , ordered by inclusion. Remark 3.3.9 Equivalently, in denition 3.3.8, the condition of non-emptyness can be replaced by: ! 2 x. The following properties are easy to check: For each 2 S , " is a lter. Given A S , the lter A generated by A (i.e., the least lter containing A) is the intersection of all lters containing A. It is easily seen that A = f" (1 ^ ^ n ) j 1 : : : n 2 Ag: In particular for a nite A = f1 : : : n g, we have A =" (1 ^ ^ n ). Proposition 3.3.10 If S is an eats, then F (S ) is an algebraic complete lattice. Proof. The minimum and maximum elements are " ! and S , respectively. The nonempty S glb's are just set-theoretic intersections. The lub's are obtained by W A = A. Two instances of lub's can be given explicitly: S W S If A is directed, then A is a lter, hence A = A. To see this, let S 2 A. Then 2 x, 2 y for some x y 2 A. By directedness S 2 z for some z 2 A since z is a lter, we have ^ 2 z, hence ^ 2 A. " _ " = f g =" ( ^ ). It follows that f" j 2 xg is directed, for any lter x, and since it is clear that S x = f" j 2 xg, we obtain that F (S ) is algebraic and that the nite elements are the principal lters " . 2


72

Denition 3.3.11 Let S be an eats, let x y 2 F (S ), and f be a function F (S ) ! F (S ).

We dene:

x y = f j 9 2 y ! 2 xg G(f ) = f ! j 2 f (" )g :

We write F for the curried form of .

Lemma 3.3.12 For any x y

2 F (S ),

continuous.

x y is a lter, and the operation is

Proof. We check only that x y is a lter:

! 2 x y: Take = !. Then ! 2 x y since ! ! ! ! implies ! ! ! 2 x. Closure under intersections: Let 1 2 2 x y , and let 1 2 2 y such that 1 ! 1 2 ! 2 2 x. Then 1 ^ 2 ! 1 ^ 2 2 x, by lemma 3.3.3, hence 1 ^ 2 2 x y. Upward closedness: by covariance. 2

Remark 3.3.13 Notice the role of the axiom ! ! ! !, which guarantees the non-emptyness of x y.

Exercise 3.3.14 Consider the following interpretation of -terms: x] = (x) MN ] = (M ] ) (N ] ) x:M ] = G(d: M ] d=x])

where F and G are as in denition 3.3.11 and where maps variables to lters. (Unlike in denition 3.2.2, we do not suppose F G = id.) On the other hand, consider the formal typing system of gure 3.2, involving judgments of the form ; ` M : , where M is an untyped -term, 2 S , and ; is a partial function from (a nite set of) variables to S , represented as a list of pairs of the form x : . (A slightly dierent one will be used in section 3.5.) Show M ] = f j ; ` M : g, where (x) =" whenever x : is in ;.

We next examine how F and G compose.

Lemma 3.3.15 In an eats, the following holds for any 2 S x 2 F (S ): ! 2 x , 2 x " :

Proof. ()) This follows obviously from 2" . Conversely, 2 x " implies

0 ! 2 x for some 0 , hence ! 2 x by contravariance.

Lemma 3.3.16 Let F G be as in denition 3.3.11. Then G F id.

2

3.3. FILTER MODELS

73

x:2; ;`x: ;`M :! ;`N : ; fx : g ` M : ; ` MN : ; ` x:M : ! ;`M : ;`M : ;`M : ;`M :! ;`M :^ ;`M :

.

Figure 3.2: Intersection type assignment Proof. Let f = F (y ) = x:(y x). If 2 G(f ), then (1 ! 1 ) ^ ^ (n !

n ), where i 2 y " i (1 i n), or, equivalently, i ! i 2 y, from which 2 y follows, by denition of a lter. 2 Proposition 3.3.17 Let F G be as in denition 3.3.11. We have F G id on F (S ) ! F (S ) F G = id on F (S ) !rep F (S ) : Proof. F G id : We have to prove f (x) G(f ) x, for every f : F (S ) ! F (S ) and every lter x. If 2 f (x), then by continuity 2 f (" ) for some 2 x. Hence ! 2 G(f ) by denition of G, and 2 G(f ) x by denition of . F G id : Since F (S ) !rep F (S ) = F (F (S )), we can reformulate the statement as F G F F it then follows from lemma 3.3.16. 2

The situation so far is as follows. An eats gives rise to a coadditive prereexive domain based on the representable functions. This domain does not necessarily give rise to a -model, because there may not exist enough representable functions to guarantee that d: M ] d=x] is always representable. The following proposition characterises the eats' which give rise to reexive domains, with the above choice of F G.

Proposition 3.3.18 For any eats S , F (S ) !rep F (S ) = F (S ) ! F (S ) (and hence (F (S ) F G) is re exive) if and only if (for any types) (F re ) (1 ! 1) ^ ^ (n ! n ) ! ) Vfi j ig : Proof. We begin with two observations:

1. By proposition 3.3.17, any representable function f is represented by G(f ).


74

2. The compact continuous functions in F (S ) !cont F (S ) are the functions of the form f = (" 1 !" 1) ^ ^ (" n !" n ), i.e., such that ^ f (x) =" fi j i 2 xg (cf. remark 1.4.13). In particular, i 2 f (" i) for every i, hence i ! i 2 G(f ). Suppose rst that all continuous functions are representable. Then the above f is represented by G(f ). Let be as in the assumption of (F re ). We have ^ 2 G(f ) " = f (" ) =" fi j ig since ! 2 G(f ) and F G = id . Hence Vfi j ig . Conversely, suppose that (F re ) holds. We show that the compact functions f (cf. observation (2)) are representable. We rst show: G(f ) =" (1 ! 1) ^ ^ (n ! n): " (1 ! 1 ) ^ ^ (n ! n ) G(f ): this follows from i ! i 2 G(f ), shown above. G(f ) " (1 ! 1 ) ^ ^ (n ! n ): it is enough to show that 2 f (" ), implies (1 ! 1) ^ ^ (n ! n ) ! . That is, the converse of (F re ) holds. This is proved using lemma 3.3.3: ^ (1 ! 1) ^ ^ (n ! n) (i ! i ) fij ^ i g ^ i ! i fij i g fij ig ! :

Now we can prove that G(f ) represents f , that is, for all : ^ G(f ) " =" fi j ig: G(f ) " f (" ): Let 2 G(f ) " , that is, let 0 be such that 0 0 ! V 2 G(f ). Then (1 ! 1) ^ ^ V (n ! n ) ! :. By (F re ), we 0 have fi j ig . A fortiori fi j ig , that is, 2 f (" ).

f (" ) G(f ) " : This always holds, by proposition 3.3.17. Finally, consider an arbitrary continuous function f , and let be the set of its approximants. Then _ _ _ _ _ G( ) x = ( G( )) x = G( ) x = (x) = ( )(x):

2

2

3.4. SOME D1 MODELS AS FILTER MODELS

75

2 Many eats' satisfy (F re ), including Th 0 (next exercise), and the theories Th V dened in section 3.4. Exercise 3.3.19 Show that Th 0 satises (F re ). Hint: reformulate the goal for an arbitrary formula , exploiting the fact that an arbitrary formula can be written as an intersection of formulas which are each either ! , or an atom, or of the form 1 ! 2.

3.4 Some D1 Models as Filter Models

We are now interested in recasting some D1 models in terms of \logic", that is in terms of lter models built on a theory. We restrict our attention to an initial D0 which is an algebraic lattice. Exercise 3.4.1 Show that if D0 is an algebraic lattice, then so is D1, for an arbitrary choice of (i0 j0).

Denition 3.4.2 Let (D F G) be a re exive (coadditive) domain. Let v : D !

D0 and w : D0 ! D be inverse order-isomorphisms. Let F 0 G0 be dened by F 0(x0) = v F (w(x0)) w G0(f 0) = v(G(w f 0 v)) : Then (D0 F 0 G0 ), which is clearly a re exive (coadditive) domain, is called isomorphic to (D F G). In the following denition we \ocialise" the inversion of order involved in the logical treatment. Denition 3.4.3 Let D be an algebraic lattice. We set K (D) = f" d j d 2 K(D)g and order it by inclusion. (Hence, up to isomorphism, K (D) is (K(D) ).) Theorem 3.4.4 If D is an algebraic lattice and if (D F 0 G0) is a re exive coadditive domain, then K (D) can be equipped with an eats structure in such a way that the associated (F (K (D)) F G) is isomorphic to (D F 0 G0 ). Proof. By lemma 3.3.7 applied to the applicative structure D, it is enough to

prove that K (D) is closed under nite intersections and under the ! operation. We have (" d) ^ (" e) =" (d _ e) " ? = D:

76


We show:

" d !" e =" G0 (d ! e)

where the left ! denotes the operation introduced in denition 3.3.6, and where d ! e is a step function. Indeed, we have z 2" d !" e , z d e , F 0(z) d ! e , z G0(d ! e) where the last equivalence follows by coadditivity. Hence K (D) forms an ets (notice that G0(d ! e) is compact by coadditivity). The lters over K (D) are in order-isomorphic correspondence with the ideals over K(D). We nally check that the operations F G are the operations F 0 G0, up to isomorphism. For x y 2 D, we have f" f j f xg f" d j d y g = f" e j 9 d y (G0 (d ! e) x)g: So what we have to show is e x y , 9 d y (G0(d ! e) x) which by coadditivity is equivalent to e F 0(x)(y) , 9 d y (d ! e F 0(x)) which follows by continuity of F 0(x). Matching G against G0 amounts to show f" f j f G0 (g )g = f" d !" e j e g (d)g which can be rephrased as f" f j f G0 (g )g = A where A = f" G0 (d ! e) j d ! e g g: f" f j f G0 (g )g A: By the continuity of G0 , if f G0 (g ), then f G0(d1 ! e1 _ _ dn ! en)

for some d1 e1 : : : dn en such that d1 ! e1 g : : : dn ! en g. Hence " G0 (d1 ! e1) : : : " G0 (dn ! en ) 2 A: Then, since G0 preserves lub's, " G0 (d1 ! e1 _ _ dn ! en ) = " (G0 (d1 ! e1) _ _ G0 (dn ! en )) = " G0 (d1 ! e1) \ \ " G0(dn ! en) 2 A from which we get " f 2 A. A f" f j f G0 (g )g: It is obvious that A f" f j f G0 (g )g. 2 Now we investigate under which conditions a lter domain can be presented by a theory (recall denition 3.3.4).

3.4. SOME D1 MODELS AS FILTER MODELS

77

Denition 3.4.5 Suppose that S is an eats, and that an interpretation V : At ! S (which obviously extends to V : T SV = f j V () V ( )g.

!

S ) is given. Then S V induce a theory

Lemma 3.4.6 If S is an eats and V : At ! S is such that its extension V : T !

S is surjective, then SV is isomorphic to S , in the sense that their collections of lters are isomorphic.

Proof. The inverse maps are x 7! V (x) and y 7! V ;1 (y ). The surjectivity

of V guarantees that V (V ;1(y)) = y. In the other direction, x V ;1(V (x)) holds obviously. If 2 V ;1(V (x)), then V () = V ( ) for some 2 x, hence 2 SV , from which 2 x follows since x is a lter. 2

Summarizing, to get a presentation of a domain by a theory, we should make sure that the domain is an algebraic lattice, is reexive and coadditive, and we should nd a surjection from types to the compact elements of the domain. We apply this discussion to the D1 models (D1 F G) constructed from a lattice D0.

Lemma 3.4.7 If V : At ! K (D1 ) is such that for each d 2 K (D0) there exist 2 T such that V () =" d, then V : T ! K (D1 ) is surjective.

Proof. Recall that by remark 3.1.9 a compact element of D1 is a compact

element of Dn for some n. We use induction over n. The case n = 0 is the assumption. Take a compact element c = (a1 ! b1) _ _ (an ! bn) of Dn+1 . We have by induction " a1

= V (1) : : : " an = V (n) and

Hence: V (i ! i) = = =

" b1

= V (1) : : : " bn = V (n ):

" ai !" bi " G0 (ai ! bi ) " (ai ! bi)

by theorem 3.4.4 by lemma 3.1.16, and since in1 (ai ! bi) jn1 = ai ! bi : We conclude that " c = V ((1 ! 1) ^ ^ (n ! n )).

2

We now dene a theory for the D1 model based on D0 = f? >g and the standard pair (i0 j0) (cf. denition 3.1.6). We take At = fg, and dene V () =" >. Then obviously V satises the assumption of lemma 3.4.7. So all we need now is a syntactic characterisation of Th V as Th (!) for some nite set ! of axioms.

Theorem 3.4.8 Let D1 V be as above. Set ! = f ! ! ! ! g. Then Th V = Th (!). Hence D1 is isomorphic to F (Th (!)).

78


Proof. The second part of the statement follows from the rst part:

D1 is isomorphic to F (K (D1 )) is isomorphic to

F (K (D1 )) F (Th V )

by theorem 3.4.4 by lemma 3.4.6 :

We also deduce from these isomorphisms that Th V satises (F re ), by proposition 3.3.18. We now show the rst part. Th (!) Th V : It suces to check V () = V (! ! ):

x 2 V (! ! ) (=" ? !" >)

, 8y

xy=>

,

x = >:

The latter equivalence follows from the fact that D1 's > element (> : : : > : : :) is D0's >, since i0(>) = x:> is D1's > element, and since it is easily seen that i(>) = > implies i0(>) = > where (i j 0) = (i j ) ! (i j ). Th V Th (!): We pick ( ) 2 Th V and proceed by induction on the sum of the sizes of . Clearly, it is enough to prove 0 0 2 Th (!) for some 0 0 such that 0 0 2 Th (!) (in particular for 0 0, where 0 is the equivalence associated with the preorder 0 of Th 0). Clearly, from any we can extract 0 0 such that 0 has a smaller size than and has one of the following forms:

! or (11 ! 21) ^ ^ (1n ! 2n) (n 1) or (11 ! 21) ^ ^ (1n ! 2n) ^ (n 0) : Similarly for . Exploiting this fact, the problem of verifying ( ) 2 Th (!) can be limited without loss of generality to = and = 1 ! 2: = : We consider the three possible forms of : { = !: this case is impossible, since ! 62 Th V . { = (11 ! 21) ^ ^ (1n ! 2n): Then (! ! ) 2 Th V , since (V ) 2 Th V . Let I = fi j ! 1i 2 Th V g. By (F re V), we have: i 2 Th V . We can apply induction to both ! i2I 1i and Vi2I 2i 0 i2I 2 , from which 2 Th (!) follows by lemma 3.3.3, where 0 = ! ! = . { = (11 ! 21) ^ ^ (1n ! 2n) ^ : Then obviously 0 . = 1 ! 2 : We consider the three possible forms of : { = !: Replacing ! by ! ! !, we get ! 2 by (F re ), and ! 2 2 Th (!) by induction applied to ! 2. Hence 0 2 Th (!), with 0 = ! ! ! .

3.5. MORE ON INTERSECTION TYPES *

79

{ = (11 ! 21) ^ ^ (1n ! 2n): The reasoning is the same as for the

!.

corresponding case for = . We now I = fi j 1 1i 2 Th V g, V dene V and we apply induction to 1 i2I 1i and i2I 2i 2. { = (11 ! 21) ^ ^ (1n ! 2n) ^ : The reasoning is a variation of the previous case. We replace V i by !V ! , we keep the same I , and we apply induction to 1 i2I 1 and i 2 i2I 2 ^ 2 . There are more liberal conditions allowing to get Th = Th (!) for some nite

Exercise 3.4.9 Let Th be a theory satisfying (F re ), and in which every atom is equivalent to a nite conjunction of types of the form ! ! or 1 ! 2 . Show that Th = Th (), where

= (Th \ f1 ^ ^ m j 1 : : : m 2 At g) f j 2 At g: Hints: (1) Reason by induction on the number of occurrences of !. (2) The inequations 1 ^ ^ m might lead to loops when replacing 1 : : : m by 1 : : : n , hence they are added explicitly.

Exercise 3.4.10 (Park's D1) Apply exercise 3.4.9 to show that the D1 model based on D0 = f? >g and (i> j>) (cf. remark 3.1.7) is isomorphic to F (Th (Park )), with Park

= f ! g. Hint: use the same function V , but notice that, unlike in the standard D1 model, it is not the case here that D0 's > is D1 's >, since i> (?) = x:x is not D1's > element.

3.5 More on Intersection Types * In this section, following original work of Coppo and Dezani, we study intersection types from a syntactic point of view (and without considering an explicit preordering on types, as we did in order to construct a model). Intersection types are used to give characterisations of the following predicates over -terms: \has a head normal form", \has a normal form", and \is strongly normalisable". The rst two characterisations can be derived as corollaries of a logical formulation of the approximation theorem (cf. section 3.2). Our presentation follows Kri91].

Systems D# and D.

Recall the set T of intersection types from denition 3.3.4. The typing system D is dened in gure 3.3. The only di!erence with the system presented in gure 3.2 is the replacement of the last rule by the more restricted rules (Ê 1) and (Ê 2). Another di!erence is that we let now M range over -terms (cf. denition 2.3.1). The rule (! ) allows to type . The restriction of D obtained by removing ! in the BNF syntax of T , as well as the rule (! ), is called D. In D only -terms, i.e., terms without occurrences of , can be typed.

80

CHAPTER 3. D1 MODELS AND INTERSECTION TYPES x:2; ;`x: ;`M :! ;`N : ; fx : g ` M : ; ` MN : ; ` x:M : ! ;`M : ;`M : (! ) ( Î ) ;`M :! ;`M :^ ; `M :^ ; `M :^ (Ê 2) (Ê 1) ;`M : ;`M :

.

Figure 3.3: System D#

Remark 3.5.1 Because of axiom (!), in a provable judgement ; ` M : of D, all free variables of M are not always declared in ;. This property holds however in D.

We state a number of syntactic lemmas.

Lemma 3.5.2 (weakening) If ; ` M : and ; ;0 (that is, if x : is in ; then it is in ;0 ), then ;0 ` M : . Lemma 3.5.3 If ; x1 : 1 : : : xk : k : k ` M : , if N1 : : : Nk are -terms, and if ; ` Ni : i for all i's such that xi 2 FV (M ), then ; ` M N1=x1 : : : Nk =xk ] : . Proof hint. By induction on the length of the proof of ; x1 : 1 : : : xk : k ` M : .

2

Remark 3.5.4 Lemma 3.5.3 encompasses both substitution and strengthening. Substi-

tution corresponds to the situation where ; ` Ni : i for all i k. Strengthening corresponds to the situation where x1 : : : xk 62 FV (M ): then ; x1 : 1 : : : xk : k ` M : implies ; ` M : .

Lemma 3.5.5 If ; x : ` M : , then ; x : ^ 0 ` M : for any 0. Proof. By induction on the length of the proof of ; x : ` M : . We only look at

the base cases: ; x : ` x : : Then ; x : ^ 0 ` x : ^ 0, and ; x : ^ 0 ` x : follows by (Ê ). ; x : ` y : (y 6= x): Then also ; x : ^ 0 ` y : . 2


81

Lemma 3.5.6 If ; ` M : and ;0 ` M : , then ; ] ;0 ` M : , where the variables declared in ; ] ;0 are those declared in ; or ;0 , and where (viewing the environments as functions)

8 > < 0 ; ] ; (x) = > :

^ 0 if ;(x) = and ;0 (x) = 0

if ;(x) = and ;0 (x) is undened

0 if ;0 (x) = 0 and ;(x) is undened :

Proof. The statement follows from lemma 3.5.2 and from a repeated application of

lemma 3.5.5.

2

Denition 3.5.7 (prime type) An intersection type is called prime if it is either an atomic type or an arrow type ! . Every type is thus a conjunction of prime types (called its prime factors) and of some ! 's, and, by (Ê ), if ; ` M : and if 0 is a prime factor of , then ; ` M : 0. Lemma 3.5.8 Let ; ` M : , with prime. Then: 1. If M = x, then (x : 0) 2 ;, where is a prime factor of 0,

2. If M = x:N , then = 1 ! 2 and ; x : 1 ` N : 2 , 3. If M = M1M2 , then ; ` M2 : and ; ` M1 : ! 0, for some 0, such that is a prime factor of 0 . Proof. First we claim that a proof of ; ` M : contains a proof ; ` M : 0 which

does not end with a (Î ) nor (Ê ) rule and is such that is a prime factor of 0. To prove the claim, we generalise the assumption \a proof of ; ` M : " to: \a proof of ; ` M : 00 where is a prime factor of 00". We proceed by induction on the length of the proof of ; ` M : 00 and consider the last rule used: (Î ) Then 00 = 1 ^ 2 , and , being a prime factor of 00, is a prime factor of 1 or 2 , thus we can apply induction to the left or right premise of the (Î ) rule. (Ê ) Then the premise of the rule is of the form ; ` M : 00 ^ or ; ` M : ^ 00, and , being a prime factor of 00, is also prime factor of 00 ^ or ^ 00. The claim is proved. Let ; ` M : 0 be as in the claim it is a conclusion of one of the three rules of the simply typed -calculus (without intersection types):

M =x: Then (x : 0) 2 ;: M = x:N : Then 0 = 1 ! 2 hence 0 is prime, which entails = 0: M = M1 M2 : Obvious:

2 Proposition 3.5.9 (subject reduction) If ; ` M : and M ! M 0, then ; ` M 0 : . Proof hint. In the crucial axiom case, use lemmas 3.5.8 (case 2) and 3.5.3.

2


82

Lemma 3.5.10 (expansion) 1. In D, if ; ` M N=x] : , then ; ` (x:M )N : . 2. In D, if ; ` M N=x] : and if ; ` N : for some , then ; ` (x:M )N : .

Proof. We prove (1), indicating where the additional assumption comes in for (2).

We may assume by lemma 3.5.3 that x is not declared in ;. The statement follows obviously from the following claim: 9

(; ` N : and ; x : ` M : ):

The claim is proved by induction on (size (M ) size( )):

= !: Obvious, taking = !.

= 1 ^ 2: By (Ê ) and by induction, we have ; ` N : 1 ; x : 1 ` M : 1 ; ` N : 2 ; x : 2 ` M : 2 : We set = 1 ^ 2, and we conclude by (Î ) and lemma 3.5.5.

prime: { M = x: Then the assumption is ; ` N : . Take = . { M = y 6= x: Then the assumption is ; ` y : . Take = ! (in D, take the assumed type of N ). { M = y:P : By lemma 3.5.8 (2) we have = 1 ! 2 and ; y : 1 ` P N=x] : 2: By induction we have ; y : 1 ` N : and ; x : y : 1 ` P : 2 : Since we can (must) make sure that y is not free in N , the conclusion follows from lemma 3.5.3. { M = M1M2: We can apply induction since size(M1) size(M2) size(M ). Using lemma 3.5.8 (3), we have ; ` N : 1 ; x : 1 ` M1 : 00 ! 0 ; ` N : 2 ; x : 2 ` M2 : 00

with prime factor of 0. As above, we set = 1 ^ 2 .

2

Remark 3.5.11 Unlike subject reduction, which holds widely in type systems, lemma 3.5.10 is peculiar of intersection types.

Theorem 3.5.12 (subject equality) If ; ` M : and M = M 0, then ; ` M 0 : .


83

Proof. One direction is proposition 3.5.9 and the other is easily proved by induction

2

using lemmas 3.5.10 and 3.5.8.

We shall prove the strong normalisation theorem and the approximation theorem making use of an elegant technique called the computability method. The method will be used again in sections 6.3 and 11.5.

Denition 3.5.13 (N -saturated) Let N . A subset X is called N -saturated if

8 N 2 N 8 M N1 : : : Nn 2

(M N=x]N1 : : :Nn 2 X

) (x:M )NN1 : : :Nn 2 X )

(in this implication n is arbitrary, in particular it can be 0).

Proposition 3.5.14 The N -saturated sets form an ets. (cf. denition 3.3.6). Proof hint. The statement is obvious for intersections. As for function types, the

Ni's in the denition of saturated set serve precisely that purpose. 2 Lemma 3.5.15 For any interpretation V (cf. denition 3.4.5) by N -saturated sets such that 8 V ( ) N , for any provable x1 : 1 : : : xk : k ` M : , and for any N1 2 V (1 ) : : : Nk 2 V (k ), we have M N1=x1 : : : Nk =xk ] 2 V (). Proof. By induction on the length of the proof of x1 : 1 : : : xk : k ` M : . ; ` x : : The conclusion is one of the assumptions.

Application: By induction we have

M N1=x1 : : : Nk =xk ] 2 V ( ! ) and N N1=x1 : : : Nk =xk ] 2 V () hence (MN )N1=x1 : : : Nk =xk ] 2 V ( ) by denition of V ( ! ).

Abstraction: We have to prove (x:M N1=x1 : : : Nk =xk ])N 2 V ( ), for any N 2 V ( ). By induction we have M N1=x1 : : : Nk=xk ]N=x] 2 V ( ), and the concusion follows by the denition of N -saturated set, noticing that a fortiori N 2 N by assumption.

(! ): Obvious, since V (! ) = . (Î ): Obvious by induction, since V ( ^ ) = V ( ) ^ V ( ). (Ê 1) (or (Ê 2)): Follows from the implicit order: V ( ^ ) V ( ).

2

Remark 3.5.16 Notice that we have used induction on types to construct V () at all types, and that we have used induction on (typing proofs of) terms to prove the statement. The core of the computability method indeed resides in this elegant separation of inductions, to be contrasted with their combinatorial combination in the proof of theorem 2.2.9.


84

The following characterisation of strongly normalisable terms, provides in particular an alternative proof of strong normalisation for the simply typed -calculus (theorem 2.2.9).

Theorem 3.5.17 (strong normalisation { intersection types) Any -term M is strongly normalisable i ; ` M : is provable in D for some ; .

Proof. (() We take N = SN , the set of strongly normalisable terms, and we

interpret the atomic types by setting V () = N . Our proof plan goes as follows. We show, for all : 1: V ( ) is N -saturated 2: x 2 V ( ) for all variables x 3: V ( ) N : By these conditions lemma 3.5.15 can be applied, with N1 = x1 : : : Nk = xk , yielding M 2 N . Therefore all we have to do is to prove the three conditions. (1) By lemma 3.5.14, the condition boils down to the verication that N is N saturated. We proceed by induction on depth (N ) + depth (M N=x]N1 : : :Nn ) (cf. denition 2.2.1). It is enough to prove that all the one step reducts P of (x:M )NN1 : : :Nn are in N : P = M N=x]N1 : : :Nn : By assumption. P = (x:M 0)NN1 : : :Nn : By induction, since depth (M 0N=x]N1 : : :Nn ) < depth (M N=x]N1 : : :Nn ):

If the reduction takes place in one of the Ni's, the reasoning is similar. P = (x:M )N 0N1 : : :Nn: By induction, since depth (N 0) < depth (N ) (notice that if x 62 FV (M ), then the depth of M N=x]N1 : : :Nn does not change whence the notion of N -saturated).

(2) and (3) We actually strengthen (2) into 20. N0 V ( ). where N0 = fxM1 : : :Mp j p 0 and 8 i p Mi 2 N g. We shall prove (20) and (3) together, as a consequence of the following properties, which we shall establish rst: (A) N0 N (B) N0 (N ! N0 ) (C) (N0 ! N ) N : (A) Any reduct of xM1 : : :Mp is of the form xN1 : : :Np where the Ni 's are reducts of the Mi 's. Therefore all elements of N0 are strongly normalisable. (B) The M1 : : : Mp in the denition of N0 serve precisely that purpose.


85

(C) Let M 2 N0 ! N . Then Mx 2 N , and a fortiori M 2 N . Now we can prove (20 ) and (3). The two properties hold at basic types because we have chosen V () = N , and by (A). The intersection case is obvious. Let thus = 1 ! 2. By induction we have V (1 ) N and N0 V (2), hence N ! N0 V ( ), and (20) at then follows by (B). Similarly, we use induction and (C) to prove (3) at . ()) By induction on (depth (M ) size(M )), and by cases: M = x1 : : :xm :xN1 : : :Nn , with x 6= x1 : : : xm: By induction and by lemmas 3.5.6 and 3.5.2, we have $ ` N1 : 1 : : : $ ` Nn : n for some $ = ; x1 :

1 : : : xm : m x : . Then we have, using lemma 3.5.5: ; x : ^ (1 ! ! n ! ) ` M : 1 ! ! m ! :

M = x1 : : :xm :xiN1 : : :Nn : Similar to the previous case. M = x1 : : :xm :(x:N )PN1 : : :Nn: Then by induction $ ` P : and $ ` N P=x]N1 : : :Nn : for some $ = ; x1 : 1 : : : xm : m . We claim that $ ` (x:N )PN1 : : :Nn : , from which ; ` M : 1 ! ! m ! follows. This is proved by induction on n (cf. theorem 3.5.12), the base case n = 0 being lemma 3.5.10 (2). 2

In the following three exercises, we present the logical approximation theorem, and derive as corollaries characterisations of the terms having a head normal form and of the terms having a normal form. We follow RdR93].

Exercise 3.5.18 (logical approximation) * We dene the following notion of \parnorm allel normal reduction", denoted with =) :

(x:P )QM1 : : :Mn norm =) P Q=x]M1 : : :Mn

M norm =) N P norm =) Q norm norm xM1 : : :Mi;1 PMi+1 : : :Mn =) xM1 : : :Mi;1QMi+1 : : :Mn x:M =) x:N Show that the following implication holds, for any ; M : ; ` M : ) 9 N M norm =) N and ; ` ! (N ) : : Hints (refering to the proof of theorem 3.5.20): (1) The following easy property is useful: in D, if ; ` M : and M N , then ; ` N : . (2) One should now deal with typed versions of the predicates N and N0 . Specically, set N (; )

= N0 (; ) =

(M norm =) N and ; ` ! (N ) : )g fM 2 N (; ) j M has the form xM1 : : :Mp g : fM 2 j 9 N

(3) Formulate and prove typed versions of properties (A) (B), and (C) (plus a property saying that the predicates at ^ are the intersections of the predicates at and ),


86

as well as of properties (1), (20), and (3) (in the latter the type should be restricted to a non-trivial one, see exercise 3.5.19. (4) In the proof of (C), observe that if

Mx norm =) (y:M )x norm =) M x=y ] norm =) P

then

M norm =) y:M norm =) y:P y=x]: (5) Formulate interpretations of the form V (; ) (making use of the operation ] dened in proposition 3.5.6 for the arrow case), and prove a version of lemma 3.5.15.

Exercise 3.5.19 Show that the following are equivalent for a -term M :

1 : M = N for some head normal form N 2 : M norm ;! N for some head normal form N (cf. denition 2.1.19) 3 : M is typable with a non-trivial type in D: where the non-trivial types are dened as follows: atomic types are non-trivial, ^ is non-trivial provided one of or is non-trivial, and ! is non-trivial provided

is non-trivial. Hints: can ony have a trivial type. Any term xM1 : : :Mn is typable in any environment x : ! ! ! ! ! .

Exercise 3.5.20 Show that the following are equivalent for a -term M :

1 : M is normalisable 2 : the leftmost reduction from M terminates (cf. proposition 2.2.18) 3 : ; ` M : in D for some ; where ! does not occur: On the way, show the following properties:

If ; ` M : , where M is a -normal form and where ! does not occur in ; , then does not occur in M .

Every normal form M is typable in D.

Exercise 3.5.21 Show that the logical approximation theorem still holds, replacing the

type system D by the type system of gure 3.2. (Warning: this involves revisiting a number of syntactic lemmas, typically lemma 3.5.8.)

Chapter 4 Interpretation of -Calculi in CCC's In rst approximation, typed -calculi are natural deduction presentations of certain fragments of minimal logic (a subsystem of intuitionistic logic). These calculi have a natural computational interpretation as core of typed functional languages where computation, intended as -reduction, corresponds to proof normalization. In this perspective, we reconsider in section 4.1 the simply typed -calculus studied in chapter 2. We exhibit a precise correspondence between the simply typed -calculus and a natural deduction formalization of the implicative fragment of propositional implicative logic. Next, we address the problem of modelling the notions of -reduction and equivalence. It turns out that simple models can be found by interpreting types as sets and terms as functions between these sets. But, in general, which are the structural properties that characterize such models? The main problem considered in this chapter is that of understanding what is the model theory of simply typed and untyped -calculi. In order to answer this question, we introduce in section 4.2 the notion of cartesian closed category (CCC). We present CCC's as a natural categorical generalization of certain adjunctions found in Heyting algebras. As a main example, we show that the category of directed complete partial orders and continuous functions is a CCC. The description of the models of a calculus by means of category-theoretical notions will be a central and recurring topic of this book. We will not always fully develop the theory but in this chapter we can take advantage of the simplicity of the calculus to go into a complete analysis. In section 4.3, we describe the interpretation of the simply typed -calculus into an arbitrary CCC, and we present some basic properties such as the substitution theorem. The interpretation into a categorical language can be seen as a way of implementing -renaming and substitution. This eventually leads to the denition of a categorical abstract machine. In section 4.4, we address the problem of understanding which equivalence is 87

88

CHAPTER 4. INTERPRETATION OF -CALCULI IN CCC'S

induced on terms by the interpretation in a CCC. To this end, we introduce the notion of -theory. Roughly speaking, a -theory is a congruence over -terms which includes -equivalence. It turns out that every CCC induces a -theory. Vice versa, one may ask: does any -theory come from the interpretation in a CCC? We answer this question positively by showing how to build a suitable CCC from any -theory. This concludes our development of a model theory for the simply typed -calculus. Related results will be presented in chapter 6 for Pcf, a simply typed -calculus extended with arithmetical operators and xed point combinators. In section 4.5 we introduce logical relations which are a useful tool to establish links between syntax and semantics. In particular, we apply them to the problem of characterizing equality in the set-theoretical model of the simply typed calculus, and to the problem of understanding which elements of a model are denable by a -term. In section 4.6 we regard the untyped -calculus as a typed -calculus with a re exive type. We show that that every CCC with a reexive object gives rise to an untyped -theory. We present a general method to build a category of retractions out of a reexive object in a CCC. We give two applications of this construction. First, we hint to the fact that every untyped -theory is induced by a reexive object in a CCC (this is the analogue of the result presented in section 4.4 for the simply typed -calculus). Second, we adopt the category of retractions as a frame for embedding algebraic structures in -models. Following Engeler, we describe a method to encode standard mathematical structures in -models. This chapter is mainly based on LS86, Sco80, Cur86] to which the reader seeking more advanced results is addressed.

4.1 Simply Typed -Calculus In chapter 2, we have presented a simply typed -calculus in which every subterm is labelled by a type. This was well-suited to our purposes but it is probably not the most illuminating treatment. So far, we have (mainly) discussed the -calculus as a core formalism to compute functions-as-algorithms. The simply typed -calculus receives an additional interpretation: it is a language of proofs for minimal logic. Let us revisit simple types rst, by considering basic types as atomic propositions and the function space symbol as implication At ::= j 0 j ::= At j ( ! ) : Forgetting the terms for a while, we briey describe the provability of formulas for this rudimentary logic. We use a deduction style called natural deduction Pra65]. A formula is proved relatively to a list 1 : : : n of assumptions. The

4.1. SIMPLY TYPED -CALCULUS

89

1in 1 : : : n ` i 1 : : : n ` 1 : : : n ` ! 1 : : : n ` ! 1 : : : n ` 1 : : : n ` Figure 4.1: Natural deduction for minimal implicative logic formal system described in gure 4.1 allows us to derive judgments of the form 1 : : : n ` , which are called sequents. An important remark with a wide range of possible applications How80] is that proofs in natural deduction can be encoded precisely as -terms. To this aim hypotheses are named by variables. Raw terms are dened by the following BNF (in the following, we feel free to spare on parentheses):

v ::= x j y j : : : M ::= v j (v : :M ) j (MM ) : A context ; is a list of pairs, x : , where x is a variable, all variables are distinct, and is a type. We write x : 2 ; to express that the pair x : occurs in ;. A judgment has the shape ; ` M : . Whenever we write ; ` M : it is intended that the judgment is provable. We also write M : to say that there exists a context ; such that ; ` M : . A term M with this property is called well-typed. Provable judgments are inductively dened in gure 4.2. We may omit the labels on the -abstractions when the types are obvious from the context. It is easily seen that any derivable judgment admits a unique derivation, thus yielding a one-to-one correspondence between proofs and terms. Yet another presentation of the typing rules omits all type information in the -terms. The corresponding typing system is obtained from the one in gure 4.2 by removing the type in x : :M . In this case a term in a given context can be given several types. For instance the term x:x can be assigned in the empty context any type ! , for any . To summarize, we have considered three styles of typing: (1) A totally explicit typing where every subterm is labelled by a type (see section 2.2). (2) A more economic typing, where only the variables bound in abstractions are labelled by a type. This style is known as \typing )a la Church".

90

CHAPTER 4. INTERPRETATION OF -CALCULI IN CCC'S (Asmp) x; :`x2: ; ; x : ` M : (!I ) ; ` x : :M : ! ;`M :! ;`N : (!E ) ; ` MN : Figure 4.2: Typing rules for the simply typed -calculus

(3) A type assignment system, where an untyped term receives a type. This is known as \typing )a la Curry". In the rst system, the term itself carries all the typing information. We note that once we have labelled free variables and -abstractions the label of each subterm can be reconstructed in a unique way. In the two other systems, )a la Church and )a la Curry, a separate context carries type information. In the system )a la Church, the context together with the types of bound variables carry all the necessary information to reconstruct uniquely the type of the term. In the system )a la Curry, a term, even in a given environment, may have many types. In general, the problem of deciding if an untyped -term has a type in a given context is a non-trivial one. This is referred to as the type-inference or, equivalently, type reconstruction problem. Type reconstruction algorithms are quite relevant in practice as they relieve the programmer from the burden of explicitly writing all type information and allow for some form of polymorphism. For the simply typed discipline presented here, it can be shown that the problem is decidable and that it is possible to represent by a type schema (a type with type variables) all derivable solutions to a given type reconstruction problem Hin69]. On the other hand, the typeinference problem turns out to be undecidable in certain relevant type disciplines (e.g. second order Wel94]). In this chapter, we concentrate on the interpretation of -terms with explicit type information. We regard these calculi a) la Church as central, by virtue of their strong ties with category theory and proof theory. The interpretation of type assignment systems has already been considered in chapter 3, and it will be further developed in chapter 15.

Exercise 4.1.1 This exercise gives a more precise relation between the three systems

mentioned above. Let M be a totally explicitly typed term. Let x1 1 : : : x nn be its free variables. Let erase be the function that erases all type information in a -term.

4.1. SIMPLY TYPED -CALCULUS

91

Show that x1 : 1 : : : xn : n ` erase(M ) : is derivable. Dene a function semierase such that x1 : 1 : : : xn : n ` semi-erase(M ) : is a la Church derivable. Conversely, from a derivation a la Curry of x1 : 1 : : : xn : n ` M : , construct a totally explicitly typed term N , whose free variables are x 1 1 : : : x nn , and such that erase(N ) = M . Design a similar transformation from a derivation a la Church. Investigate how these transformations compose.

Exercise 4.1.2 Show that the structural rules of exchange, weakening, and contraction are derived in the system above, in the sense that, if the premises are provable, then the conclusion is provable.

(exch) ; x : y : ;0 ` M : (weak) ; ` M : and x : 2= ; (contr) ; x : y : ` M :

) ) )

; y : x : ;0 ` M : ; x : ` M : ; z : ` M z=x z=y ] : (z fresh) :

We consider two basic axioms for the reduction of terms (cf. chapter 2) ( ) (x : :M )N ! M N=x] ( ) x : :(Mx) ! M if x 2= FV (M ) we denote with ! their compatible (or contextual) closure (cf. gure 2.4), and with ! the reexive and transitive closure of !.

Exercise 4.1.3 (subject reduction) Show that well-typed terms are closed under reduction, formally:

; ` M : and M ! N

)

;`N : :

Theorem 4.1.4 (conuence and normalization) (1) The reduction relation !

is con uent (both on typed and untyped -terms). (2) The reduction system ! is strongly normalizing on well-typed terms, that is if M : then all reduction sequences lead to a -normal form.

We have already proved these properties in chapter 2 for the untyped reduction. Using subject reduction (exercise 4.1.3) the proof-techniques can be easily adapted to the typed case. The following exercise provides enough guidelines to extend the results to -reduction. Exercise 4.1.5 In the following !1 means reduction in 0 or 1 step. (1) If M ! M1 and M ! M2 then there is an N such that M1 ! 1 N and M2 ! 1 N . (2) If M ! M1 and M ! M2 then there is an N such that M1 ! 1 N and M2 ! N . (3) If M ! ! N then M ! ! N or M ! ! N , where M !R1 !R2 N stands for 9P (M !R1 P and P !R2 N ).

92

CHAPTER 4. INTERPRETATION OF -CALCULI IN CCC'S : ;`N : (Asmp) x; :`x2: ; (I ) ;;``MhM Ni : (E1) ;;``M :M : (E2) ;;``M :M : 1 2 Figure 4.3: Typing rules for a calculus of conjunction

4.2 Cartesian Closed Categories The reader will nd in appendix B some basic notions of category theory. Next, we motivate the introduction of CCC's as the combination of two more elementary concepts.

Example 4.2.1 (conjunction and binary products) Let us consider a sim-

ple calculus in which we can pair two values or project a pair to one of its components. Types: At ::= j 0 j ::= At j ( ) Terms: v ::= x j y j M ::= v j hM M i j 1M j 2M This calculus corresponds to the conjunctive fragment of minimal logic. Its typing rules are shown in gure 4.3.

It is intuitive that a cartesian category (i.e. a category with a terminal object and binary products) has something to do with this calculus. Let us make this intuition more precise: (1) We interpret a type as an object ] of a cartesian category C. The interpretation of the type is the cartesian product ] ] . (2) If types are objects, it seems natural to associate terms to morphisms. If M is a closed term of type we may expect that its interpretation is a morphism f : 1 ! ] , where 1 is the terminal object. But what about a term M such that x1 : 1 : : : xn : n ` M : ? The idea is to interpret this term as a morphism f : ( (1 1] ) n] ) ! ] . This example suggests that types can be seen as objects and terms as morphisms. We do not wish to be more precise at the moment (but see section 3) and leave the following as an exercise. Exercise 4.2.2 Dene an interpretation of the typed terms of the calculus of conjunction into a cartesian category.

4.2. CARTESIAN CLOSED CATEGORIES

93

There is a well-known correspondence between classical propositional logic and boolean algebras: a formula is provable i it is valid in every boolean algebra interpretation. Heyting algebras play a similar role for intuitionistic (or minimal) logic. Denition 4.2.3 (Heyting algebras) A Heyting algebra H is a lattice with lub operation _, glb operation ^, greatest element 1, least element 0, and with a binary operation ! that satises the condition x ^ y z i x y ! z : Exercise 4.2.4 Heyting algebras abound in nature. Show that the collection of open sets of a topological space (X ) ordered by inclusion can be seen as a Heyting algebra by taking

U !V =

fW 2 j W (X nU ) V g

:

For our purposes the important point in the denition of Heyting algebra is that the implication is characterized by an adjoint situation (in a poset case), as for any y 2 H the function ^ y is left adjoint to the function y ! 8y 2 H ( ^ y ) a (y ! ) : In poset categories the interpretation of proofs is trivial. For this reason Heyting algebras cannot be directly applied to the problem of interpreting the simply typed -calculus. However combined with our previous example they suggest a natural generalization: consider a cartesian category in which each functor A has a right adjoint ( )A . In this way we arrive at the notion of CCC. The adjunction condition can be reformulated in a more explicit way, as shown in the following denition. Denition 4.2.5 (CCC) A category C is called cartesian closed if it has: (1) A terminal object 1. (2) For each A B 2 C a product given by an object A B with projections A : A B ! A and B : A B ! B such that: 8C 2 C 8f : C ! A 8g : C ! B 9!h : C ! A B (A h = f and B h = g ) : h is often denoted by hf gi, where h i is called the pairing operator. 1 and 2 are equivalent notations for A and B respectively. (3) For each A B 2 C an exponent given by an object B A with ev : B A A ! B such that 8C 2 C 8f : C A ! B 9!h : C ! B A (ev (h id) = f ) : h is often denoted by &(f ), & is called the currying operator, and ev the evaluation morphism.

94


In the following B A and A ) B are interchangeable notations for the exponent object in a category.

Exercise 4.2.6 Given a CCC C, extend the functions Prod(A B) = A B and Exp(A B ) = B A to functors Prod : C C ! C and Exp : Cop C ! C. Exercise 4.2.7 Show that a CCC can be characterized as a category C such that the following functors have a right adjoint: (i) the unique functor ! : C ! 1, (ii) the diagonal functor $ : C ! C C dened by $(c) = (c c) and $(f ) = (f f ), (iii) the functors A : C ! C, for any object A. It is possible to skolemize the denition of CCC, that is to eliminate the existential quantications, using the type operators 1, ( ), ( )( ) and the term operators #, h i, &( ). In this way the theory of CCC's can be expressed as a typed equational theory as shown in the following.

Exercise 4.2.8 Show that a CCC can be characterized as a category C such that the following equations hold. There are 1 2 C and !A : A ! 1, such that for all f : A ! 1,

(!) f = !A : There are 1 : A B ! A and 2 : A B ! B , for any A B 2 C, and hf g i : C ! A B for any f : C ! A, g : C ! B, such that for all f : C ! A, g : C ! B , h : C ! A B, (Fst) 1 hf g i = f (Snd) 2 hf g i = g (SP ) h1 h 2 hi = h : There are ev : B A A ! B for any A B 2 C, and (f ) for any f : C A ! B , such that for all f : C A ! B , h : C ! B A , (cat ) ev ((f ) id) = f (cat) (ev (h id)) = h where f g = hf 1 g 2i.

Exercise 4.2.9 Referring to exercise 4.2.8 prove that (SP) is equivalent to (DPair) hf g i h = hf h g hi (FSI ) h1 2i = id and that (cat) and (cat) are equivalent to

(Beta) ev h(f ) g i = f hid g i (D) (f ) h = (f (h id)) (AI ) (ev ) = id :

4.2. CARTESIAN CLOSED CATEGORIES

95

Exercise 4.2.10 Show that the following categories are cartesian closed: (a) (Finite) Sets. (b) (Finite) Posets and monotonic functions. On the other hand prove that the category pSet of sets and partial functions is not cartesian closed. Hint: consider the existence of an isomorphism between pSet2 2 1] and pSet2 4].

One can now formally prove that the category of directed complete partial orders (dcpo's) and maps preserving lub's of directed sets is cartesian closed using propositions 1.4.1 and 1.4.4. Exercise 1.4.6 does not say directly that the product construction in Dcpo yields a categorical product. This follows from the following general (meta)-property.

Exercise 4.2.11 Let C C0 be categories, and F : C ! C0 be a faithful functor. Suppose that C0 has products, and that for any pair of objects A and B of C there exists an object C and two morphisms : C ! A and : C ! B in C such that: F (C ) = F (A) F (B) F () = 1 F () = 2 and for any object D and morphisms f : D ! A, g : D ! B , there exists a morphism h : D ! C such that F (h) = hF (f ) F (g )i. Show that C has products. Explain why

this general technique applies to Dcpo.

In a similar way one can verify that the function space construction in Dcpo yields a categorical exponent. The check is slightly more complicated than for the product, due to the fact that the underlying set of the function space in Dcpo is a proper subset of the function space in Set.

Exercise 4.2.12 Let C, C0 be categories, and F : C ! C0 be a faithful functor. Suppose that the assumptions of exercise 4.2.11 hold, and use to denote the cartesian product in C. Suppose that C0 has exponents, and that for any pair of objects A and B of C there exists an object C of C, a mono m : FC ! FB FA and a morphism

: C A ! B such that: (1) F ( ) = ev (M id), and (2) for any object D and arrow f : D A ! B , there exists a morphism k : D ! C such that mF (k) = (F (f )). Show that C has exponents. Apply this to Dcpo.

Theorem 4.2.13 (Dcpo CCC) Dcpo is a cartesian closed category. The order for products is componentwise, and the order for exponents is pointwise. Cpo

is cartesian closed too.

Proof. We can apply the exercises 1.4.6 and 4.2.12. A direct proof of cartesian

closure is also possible and easy. For the last part of the statement, notice that (? ?) is the minimum of D E , and that the constant function d:? is the minimum of D ! E . 2

96


(Asmp) x1 : 1 : : : xn : n ` xi : i] = ni (!I ) ; ` x : :M : ! ] = &(; x : ` M : ] ) (!E ) ; ` MN : ] = ev h ; ` M : ! ] ; ` N : ] i Figure 4.4: Interpretation of the simply typed -calculus in a CCC

4.3 Interpretation of -Calculi We explain how to interpret the simply typed -calculus in an arbitrary CCC. Suppose that C is a CCC. Let us choose a terminal object 1, a product functor : C C ! C and an exponent functor ): Cop C ! C. Then there is an obvious interpretation for types as objects of the category which is determined by the interpretation of the atomic types. The arrow is interpreted as exponentiation in C. Hence given an interpretation ] for the atomic types, we have: ! ] = ] ) ] : Consider a provable judgment of the shape x1 : 1 : : : xn : n ` M : . Its interpretation will be dened by induction on the length of the proof as a morphism from ;]] to ] , where we set ; = x1 : 1 : : : xn : n and ;]] = 1 1] : : : n] . We will take the convention that associates to the left. We denote with ni : ;]] ! i] (i = 1 : : : n) the morphism: 2 1 1, where 1 is iterated (n ; i) times. The interpretation is dened in gure 4.4. The last two rules need some explanation. Suppose C = ;]], A = ] , and B = ] . (!I ) If there is a morphism f : C A ! B then there is a uniquely determined morphism &(f ) : C ! B A. (!E ) If there are two morphisms f : C ! B A and g : C ! A, then one can build the morphism hf gi : C ! B A A and composing with ev one gets ev hf gi : C ! A. Sometimes, we write M ] as an abbreviation for ; ` M : ] . When composing the interpretation of the judgment ; ` M : with an environment, that is a morphism in C1 ;]]], we will freely use the notation M ] hd1 : : : dni which relies on an n-ary product. In section 4.5 we will work with a simply typed -calculus enriched with a set of constants C . We suppose that each constant is labelled with its type, say c . The typing system is then enriched with the rule: ; ` c :

(4.1)

4.3. INTERPRETATION OF -CALCULI

97

We denote with &(C ) the collection of well-typed terms. The interpretation is xed by providing for each constant c a morphism fc : 1 ! ] . The judgment ; ` c : is then interpreted by composing with the terminal morphism: ; ` c : ] = fc!

(4.2)

The interpretation in gure 4.4 is dened by induction on the structure of a proof of a judgment ; ` M : . In the simple system we presented here a judgment has a unique proof. However, in general, there can be several ways of deriving the same judgment, therefore a problem of coherence of the interpretation arises, namely one has to show that di erent proofs of the same judgment receive the same interpretation. Note that in the simply typed calculus the coherence problem is avoided by getting rid of the structural rules. This trick does not suce in more sophisticated type theories like LF (see chapter 11) where the derivation is not completely determined by the structure of the judgment. In this case term judgments and type judgments are inter-dependent.

Exercise 4.3.1 Show that if ; ` M : and x : 2= ; then ; x : ` M : (cf. exercise 4.1.2) and ; x : ` M : ] = ; ` M : ] 1.

Exercise 4.3.2 Given two contexts ; x : y : ;0 and ; y : x : ;0 dene an isomorphism between the corresponding objects. Hint: if ; z : and ;0 is empty

then hh1 1 2i 2 1 i : (C A) B ! (C B ) A. Show that (cf. exercise 4.1.2) ; x : y : ;0 ` M : ] = ; y : x : ;0 ` M : ] :

The next step is to analyse the interpretation of substitution in a category.

Theorem 4.3.3 (substitution) If ; x : ` M : , and ; ` N : then (1)

; ` M N=x] : , and (2) ; ` M N=x] : ] = ; x : ` M : ] hid ; ` N : ] i. Proof. (1) By induction on the length of the proof of ; x : ` M : . The

interesting case arises when the last deduction is by (!I ): ; x : y : ` M : 0 ; x : ` y : :M : ! 0

We observe (y : :M )N=x] y : :M N=x]. We can apply the inductive hypothesis on ; y : x : ` M : 0 (note the exchange on the assumptions) to get ; y : ` M N=x] : 0 from which ; ` (y : :M )N=x] : ! 0 follows by (!I ). (2) We will use the exercises 4.3.1 and 4.3.2 on the interpretation of weakening and exchange. Again we proceed by induction on the length of the proof of


98

; x : ` M : and we just consider the case (!I ). Let: 8 > f1 = ; ` y : :M N=x] : ! 0] : C ! B 0B > > g1 = ; y : ` M N=x] : 0] : C B ! B0 > > 0 > < f2 = ; x : ` y : :M : 0 ! ] : C A ! B 0B g2 = ; y : x : ` M : ] : (C B ) A ! B 0 > > f3 = ; ` N : ] :C !A > > g = ; y : ` N : ] :C B !A > 3 > : g20 = ; x : y : ` M : 0 ] : (C A) B ! B 0 : We have to show f1 = f2 hid f3i, knowing by induction hypothesis that g1 = g2 hid g3 i. We observe that f1 = &(g1), f2 = &(g20 ), and g20 = g2 , where = hh1 1 2i 2 1i is the iso given by exercise 4.3.2. Moreover g3 = f3 1. We then compute f2 hid f3i = &(g20 ) hid f3i = &(g20 (hid f3i id)) : So it is enough to show g1 = g20 (hid f3i id). We compute on the right hand side g20 (hid f3i id) = g2 hh1 f3 1i 2i = g2 hh1 g3i 2i = g2 hid g3 i :

2

The categorical interpretation can be seen as a way of compiling a language with variables into a language without variables. The slogan is that variables are replaced by projections, for instance ` x : :x : ! ] = &(2 ). In other words, rather than giving a symbolic reference in the form of a variable, one provides a path for accessing a certain information in the context. 1 As a matter of fact the compilation of the -calculus into the categorical language has been taken as a starting point for the denition of an abstract machine (the Categorical Abstract Machine (CAM), see CCM87]) in the style of Landin's classical SECD machine Lan64] (see Cur86] for a comparison). The purpose of these machines is to provide a high-level description of data structures and algorithms used to reduce eciently -terms. In the CAM approach, a fundamental problem is that of orienting the equations that characterize CCC's as dened in exercise 4.2.8. In the following we drop all type-information and we restrict our attention to the simulation of -reduction (the treatment of the extensional rules raises additional problems). Hardin Har89] has studied the term rewriting system described in gure 4.5. The most important results are: E is conuent and strongly normalizing . de Bruijn conventions for the representation of variables as distances from the respective binders, as well as standard implementations of environments in abstract machines (cf. chapter 8) follow related ideas. 1

4.4. FROM CCC'S TO -THEORIES AND BACK

99

(Beta) ev h&(f ) gi ! f hid gi

(E )

8 > > > > > > > < > > > > > > > :

(f g) h id f 1 id 2 id 1 hf gi 2 hf gi hf g i h &(f ) h

! f (g h) !f ! 1 ! 2 !f !g ! hf h g hi ! &(f hh 1 2i)

Figure 4.5: A rewriting system for the -categorical equations + Beta is conuent (on a subset of categorical terms which is large enough to contain all the compilations of -terms). The proof of strong normalization of E is surprisingly dicult CHR92]. Simpler results have been obtained with a related calculus called -calculus ACCL92]. More results on abstract machines which are related to the CAM are described in chapter 8.

E

4.4 From CCC's to -Theories and back We study the equivalence induced by the interpretation of the simply typed calculus in a CCC. It turns out that the equivalence is closed under -conversion and forms a congruence.

Denition 4.4.1 (-theory) Let T be a collection of judgments of the shape

; ` M = N : such that ; ` M : and ; ` N : . T is called a -theory if it is equal to the smallest set containing T and closed under the rules in gure 4.6. We note that the congruence generated by the axioms and is the smallest -theory. To every CCC we can associate a -theory.

Theorem 4.4.2 Let C be a CCC and let ] be an interpretation in the sense of gure 4.4 of the simply typed -calculus dened over C. Then the following collection is a -theory.

Th(C) = f; ` M = N : j ; ` M : ; ` N : ; ` M : ] = ; ` N : ] g :

100


()

; ` x : :N : ! y 2= FV (N ) ; ` y : :N y=x] = x : :N : !

( )

; ` (x : :M )N : ; ` (x : :M )N = M N=x] :

( )

; ` x : :(Mx) : ! x 2= FV (M ) ; ` x : :(Mx) = M : !

(weak )

; ` M = N : x : 2= ; ; x : ` M = N :

(re )

;`M : ;`M =M :

(sym )

;`M =N : ;`N =M :

: ;`N =P : (trans ) ; ` M =; N` M =P : () (appl )

; x : ` M = N : ; ` x : :M = x : :N : ! ; ` M = N : ! ; ` M0 = N0 : ; ` MM 0 = NN 0 :

=N :2T (asmp) ; `; M `M =N : Figure 4.6: Closure rules for a typed -theory

4.4. FROM CCC'S TO -THEORIES AND BACK

101

Proof. We have to check that Th(C) is closed under the rules presented in

gure 4.6. For () we observe that ] is invariant with respect to the names of bound variables. ( ) Let ; ` (x : :M )N : ] = ev h&(f ) gi, where f = ; x : ` M : ] and g = ; ` N : ] . By the substitution theorem ; ` M N=x] : ] = f hid gi, and we compute

f hid gi = ev (&(f ) id) hid gi = ev h&(f ) gi : ( ) By the following equations: ; ` x : :Mx : ! ] = &(ev h ; x : ` M : ! ] ; x : ` x : ] i) = &(ev h ; ` M : ! ] 1 2i) = &(ev (; ` M : ! ] id)) = ; ` M : ! ] : For (weak ) we use the exercise 4.3.1. The rules (re ), (sym ), (trans ) hold since Th(C) is an equivalence. Finally, (), (apl) follow by the denition of the interpretation of abstraction and application. 2

Exercise 4.4.3 Show that there are innitely many -theories. Hints: Interpret the

atomic types as nite sets and consider the resulting -theory. Then analyse the normal forms of type ( ! ) ! ( ! ).

Next, we show how to generate a CCC starting from a -theory. The construction consists essentially in taking types as objects of the category and (open) terms quotiented by the -theory as morphisms (cf. Henkin's term model Hen50]). We take the following steps: (1) We extend the language with constructors for terminal object and product, as well as the relative equations: Types: At ::= j 0 j : : : ::= At j 1 j j ! Terms: v ::= x j y j : : : M ::= v j # j hM M i j 1M j 2M j v : :M j MM : 1. Typing Rules. The rules of the simply typed calculus (gure 4.2), plus the rules for conjunction (gure 4.3), plus: (#) ; ` # : 1 :

102


2. Equations. The rules of the pure -theory (gure 4.6) plus: ; `M : (SP ) ; ` h M (#) ;;``MM =: 1# 1 2 M i = M : ; ` hM N i : ; ` hM N i : (1) ; ` hM N i = M : (2) ; ` hM N i = N : : 1 2 We denote with T 0 the collection of judgments provable in the -theory T extended with the constructors and rules given above. (2) We now associate to T 0 a CCC C(T 0) as follows. 1. The objects are the types of the extended language. 2. The morphisms are equivalences classes of terms according to the equivalence induced by T 0. More precisely C(T0) ] = fx : ` M : ] j x : ` M : g x : ` M : ] = fy : ` N : j` x : :M = y : :N : ! 2 T 0g : 3. The structure associated to every CCC is dened as follows: (id) x : ` x : ] (comp) x : ` M : ] y : ` N : ] = y : ` M N=x] : ] (term) ! = x : ` # : 1] (proj ) 1 = x : ` 1x : ] 2 = x : ` 2x : ] (pair) hx : ` M : ] x : ` N : ]i = x : ` hM N i : ] (eval) ev = x : ( ! ) ` (1x)(2x) : ] (curry) &(x : ` M : ]) = y : ` z : :M hy zi=x] : ! ] : 4. We leave to the reader the verication of the equations associated to a CCC. (3) Finally we have to verify that the -theory associated to C(T 0) is exactly T 0. To this end one checks that x1 : 1 : : : xn : n ` M : ] = x : ` M nix=x] : ], where ( (1 1) n). We can summarize our constructions as follows. Theorem 4.4.4 (from -theories to CCC's) Given any -theory T over the simply typed calculus with products and terminal object we can build a CCC C(T ) such that the -theory associated to C(T ) coincides with T . Remark 4.4.5 (1) It is possible to see the constructions described here as representing an equivalence between a category of CCC's and a category of -theories LS86]. (2) It is possible to strengthen the previous theorem by considering a theory T over the simply typed -calculus without products and terminal object. Then one needs to show that it is possible to add conservatively to T the equations (#), (1), (2), and (SP ) (see Cur86], chapter 1, for a description of suitable proof techniques).

4.5. LOGICAL RELATIONS

4.5 Logical Relations

103

Logical relations are a quite ubiquitous tool in semantics and in logic. They are useful to establish links between syntax and semantics. In this section, logical relations are dened and applied to the proof of three results of this sort: Friedman's completeness theorem Fri73], which characterizes -equality, and Jung-Tiuryn's and Siebers's theorems JT93, Sie92] on the characterization of -denability. Logical relations are predicates dened by induction over types, relating models of a given -calculus with constants &(C ). To simplify matters, throughout the rest of this section, we make the assumption that there is only one basic type . We dene next (binary) logical relations, to this end we x some terminology. Recall that an interpretation of simply typed -calculus in a CCC C is given as soon as the basic type is interpreted by an object D of C. We shall summarize this by calling the pair M = (C D ) a model. We write ] = D , hence D ! = D ) D . If there are constants, then the constants must also be interpreted, but we leave this implicit to keep notation compact. We shall make repeated use of the hom-sets of the form C1 D]. It is thus convenient to use a shorter notation. We shall write, for any object D of C:

C1 D] = D : As a last preliminary to our denition, we point out the following instrumental isomorphisms which hold in any cartesian closed category, for any objects A and B: CA B ] = C1 B A] : Here is the right-to-left direction (the other is left to the reader): f^ = &(f 2) :

Denition 4.5.1 (logical relation) Let M = (C D ) and M0 = (C0 D0 ) be

two models. A logical relation is a relation R D D0 . These relations are extended to all types (including product types) by the following denitional equivalences: R1 = f(id id )g hd ei R

hd0 e0i , (d R d0 and e R e0) f R ! f 0 , 8 d d0 (d R d0 ) (ev hf di) R

(ev hf 0 d0i) : Thus, at every type, R D D0 . We shall write, for any f f 0 : D ! D : f R f 0 whenever f^ R ! f^0 :

104


A logical relation is called C -logical if c] M R c] M , for all constants (where is the type of c). Notice that if C is empty, i.e. if our language is the simply typed -calculus without constants, then C -logical is the same as logical. 0

Remark 4.5.2 The above denition is much in the spirit of the computability

predicates used in section 3.5. The only dierence is that computability predicates are dened on terms, while logical relations are dened on elements of models.

The following is known as the fundamental lemma of logical relations. Lemma 4.5.3 Let R be a C -logical relation, then, for any closed term M of type : ` M ] M R ` M ] M : Proof hint. We extend the statement to open terms as follows. For any x1 : 1 : : : xn : n ` M : , and for any d1 R 1 d01 : : : dn R n d0n : M ] hd1 : : : dni R M ] hd01 : : : d0n i : 0

The proof of this extended statement is by induction on the size of M . For the abstraction case, one uses the following equation, which is consequence of the equations characterizing CCC's (cf. exercise 4.2.8): ev h&(f )d ei = f hd ei. 2 A more concrete description of models, and of logical relations, can be given when the models are extensional, i.e. when the morphisms of the model can be viewed as functions.

Denition 4.5.4 (enough points) A category C with terminal object 1 is said to have enough points if the following holds, for any a b and any f g 2 Ca b]: 8h : 1 ! a

(f h = g h)

If the underlying category of a model extensional.

M

)

f =g :

has enough points, we say that

M

is

Extensional models and logical relations can be described without using the vocabulary of category theory. The price to pay is that the denition is syntaxdependent. We leave it to the reader to convince himself that the following constructions indeed dene (all) extensional models and logical relations. A simply-typed extensional applicative structure (cf. section 3.1) M consists of a collection of sets D , such that, for all , , D ! is (in bijection with) a set of functions from D to D . With any sequence 1 : : : n of types we associate a set D 1 ::: n (abbreviated as D~ ) as follows. With the empty sequence we associate a singleton set f#g, and we dene D~ = D~ D .


105

An interpretation function is a function ] mapping any typing judgement x1 : 1 : : : xn : n ` M : to a function from D~ to D (for closed terms ` M : , we consider freely ` M : ] as an element of D ), which has to satisfy the following (universally quantied) properties: ` c : ] 2 D

x1 : 1 : : : xn : n ` xi : i] (d~) = di ; ` MN : ] (d~) = (; ` M : ! ] (d~))(; ` N : ] (d~)) (; ` x : : M : ! ] (d~))(e) = ; x : ` M : ] (d~ e) : There is an additional condition dealing with weakening, which we omit here, and which serves in the proof of theorem 4.5.13. These clauses characterize the interpretation function except for constants. An extensional model M consists of an extensional applicative structure together with an interpretation function ] M (the subscript is omitted when clear from the context). In this concrete framework, a logical relation is now a relation R D D0, extended to all types (using function types only) by the following denitional equivalence: f R ! f 0 , 8 d d0 (d R d0) ) (f (d) R f (d0 )) : We shall freely use this concrete presentation in the sequel, when dealing with extensional models. Exercise 4.5.5 Establish formal links between the above formulations and categories with enough points. Hint: given a model described concretely, consider the category whose objects are sequences (1 : : : m ) of types and whose morphisms are vectors (d1 : : : dn) : (1 : : : m) ! ( 1 : : : n) where di 2 D 1 ! ! m !i for all i. Exercise 4.5.6 (extensional collapse) Let M = (C D) be a model, and consider the logical relations R dened by R = f(d d) j d 2 D g. Consider the category C] whose objects are the types built freely from using nite products and function types, and whose arrows from to are equivalence classes with respect to R . Show that C] is a CCC with enough points, called the extensional collapse of C.

We next give two applications of logical relations. The rst application is in fact itself a family of applications. Logical relations may be useful to prove inclusions of theories, thanks to the following lemma. Lemma 4.5.7 Let R be a logical relation between two models M and M0. Suppose that R is functional for all , i.e. for all d d0 d00 : d R d0 and d R d00 ) d0 = d00 : Then, for any closed terms M N of the same type: M]M = N]M ) M]M = N]M : 0

0


106

Proof. Let be the common type of M N and let d be the common value of

M ] M and N ] M. By two applications of lemma 4.5.3 we have d R M ] M and d R N ] M , and the conclusion follows from the assumption that R is functional. 0

0

2

We would like to have sucient conditions on R to prove that R is functional. Clearly, one should require R to be functional to start with. In practice R may be more than functional. Often we want to compare (extensional) models which interpret basic types the same way and which di er in the choice of the functions (or morphisms) in the interpretation of function types. In other words, R is often the identity (an example is provided by exercise 4.5.6). It turns out that surjectivity (a property a fortiori enjoyed by the identity) is a useful property to carry along an induction. Indeed, let us attempt to prove that if R is functional and surjective, then R is functional and surjective for all . Once we know that R is functional, we freely say that R (d) is dened and equal to d0 if d R d0. Also, we assume that we have proved surjectivity at type by building a function i : D0 ! D such that i (d0) R d0 for all d0. Equivalently, we assume that at type , there exists a partial function R : D * D0 and a total function i : D0 ! D such that R i = id . Similarly, we suppose that these data exist at type . We want to show that R ! is functional, and to construct i ! such that R ! i ! = id . Functional: Using the formulation of R and R as partial functions, the denition of f R ! f 0 reads: 8 d 2 D R (d) # ) f 0 (R (d)) = R (f (d)) : Suppose that f R ! f 0. Then, for any d0 2 D0 : f 0(d0) = f 0(R (i (d0))) by surjectivity at = R (f (i (d0))) by the denition of R ! : Hence f 0 is unique. More precisely: R ! (f ) # ) R ! (f ) = R f i :

Surjective: We claim that all we need to know about i ! is the following, for any f 0 2 D0 ! : (y) 8 d 2 D R (d) # ) i ! (f 0)(d) = i (f 0(R (d))) :

Let us prove that if i ! satises (y), then R ! i ! = id , that is, by the denition of R ! , for any f 0 : D0 ! : 8 d 2 D R (d) # ) f 0 (R (d)) = R (i ! (f 0 )(d)) :


107

Indeed, we have, under the assumption that R (d) #: R (i ! (f 0)(d)) = R (i (f 0(R (d)))) by (y) = f 0(R (d)) by surjectivity at : In the above proof schema, we have used extensionality of both M and N . The proof schema is easily instantiated in the following theorem. Theorem 4.5.8 (Friedman) Let F = fD g be the full type hierarchy over an innite set D , i.e. F = fD g is the extensional model for which D ! is the set of all functions from D to D . Then, for any -terms: M ] F = N ] F , M = N : Proof. (() Since F is extensional, it validates . ()) We turn syntax into an extensional model, by setting D0 to be the set of all equivalence classes of (open) terms of type . That this makes an extensional model is proved as follows. We dene an application function by M ] N ] = MN ]. Suppose that for all P ], M ] P ] = N ] P ]. Then in particular, for a fresh x, Mx] = Nx], i.e. Mx = Nx. Then: M = x:Mx = x:Nx = N : Therefore we have an extensional model. Now we are ready to use the proof schema, with the term model as M0, and F as M. We need a surjection from D to D0 . It is clearly enough to live with a denumerable set of variable names. Therefore we can consider the set of terms as denumerable. The sets D0 are then at most denumerable. They are not nite, since we can have innitely many di erent -normal forms x xx1 xx1 xn : : : at any given type . In particular, D0 is innite and denumerable. Then, given any innite D , we can pick a (total) surjection R : D ! D0 . More precisely, we can pick a function i : D0 ! D such R i = id . We are left to exhibit a denition of i ! satisfying (y). But property (y) actually gives a denition of the restriction of i ! (f 0) to the domain of R . Since we are in the full type hierarchy, we can choose any value for i ! (f 0)(d) when R (d) ". 2

The above proof, which is essentially the original proof of Fri73], uses the fullness of model F quite crudely. There exists another proof of Friedman's theorem, as a corollary of a powerful theorem known as Statman's 1-section theorem, whose range of applications to various completeness theorems seems wider than what can be achieved by the above proof schema. Statman's theorem states that in order to prove a completeness theorem, it suces to prove it for terms of type = ( ! ! ) ! ! . What is special about this type? If there are no constants, the closed normal forms of type are exactly the (encodings of) binary trees constructed over a signature ff cg consisting of a symbol f or arity 2 and a symbol c of arity 0.

108


Theorem 4.5.9 (1-section) Let C be a class of models of the simply-typed calculus. The following properties are equivalent: (1) For any type , and any closed terms M N of type : 8 M 2 C ` M]M

= ` N]M

,

M = N :

(2) For any closed terms M N of type = ( ! ! ) ! ! : 8 M 2 C ` M]M

= ` N]M

,

M = N :

Proof. Statement (1) obviously implies (2). The other direction is an immediate

consequence of the following lemma 4.5.11.

2

Denition 4.5.10 (rank) The rank of a simple type is dened as follows: rank () = 0 ( base type) rank (1 ! ! k ! ) = 1 + (maxfrank (i) j i = 1 : : : k g) : We say that a type is at most rank n if rank ( ) n. If there is only one base type , the types of rank at most 1 are thus the types n , where:

0 = n+1 = ! n :

Lemma 4.5.11 If M N are closed simply-typed -terms of type , and if M 6=

N , then there exists a closed simply-typed -term P of type ! (where is as in the statement of theorem 4.5.9) such that PM 6= PN . Proof hint. The proof makes use of the notion of extended -normal form.

An extended -normal form of type 1 ! ! n ! is a term of the form x1 xn:u(M1x1 xn) (Mk x1 xn), where each Mj is itself an extended -normal form. Note that extended -normal forms are not normal forms in general, whence the qualication \extended". Using strong normalisation, it is easily shown that for any M there exists a unique extended -normal form N such that M = N . The proof of the statement is decomposed in two claims. 1. Let M N be two di erent closed extended -normal forms of a type of rank at most 2. Then there exists a closed term L of type ! depending only on , such that LM 6= LN .

2. Let M N be two di erent closed extended -normal forms of type 1 !

! n ! . Then there exist terms V1 : : : Vn , whose free variables have types of rank at most 1, such that MV1 Vn 6= NV1 Vn .


109

The statement follows from these claims, taking:

P = x:L(~y:xV1 Vn ) where ~y is a list of the free variables in V1 : : : Vn , and where L is relative to ~y:MV1 : : : Vn and ~y:NV1 : : :Vn . Both claims are proved by induction on the size of M N . For claim 1 let us x = 1 ! ! n ! . We pick free variables x : and g : ! ! and dene the following terms:

0=x

(i + 1) = (gxi) :

Suppose, say, that i = ! ! . Then we set:

Pi = y1y2:gi(gy1y2) : Finally, we take:

L = w:g:x:wP1 Pn which depends on only. Suppose, say, that M = ~x: xi(M1~x)(M2~x). Then: LM = gx:gi(g(M1P~ )(M2P~ )) :

If N has a di erent head variable, say xj , then similarly LN is -equal to a term which starts with gx:gj, which cannot be equal to a term starting with gx:gi (these prexes are preserved until the normal form is reached). Suppose thus that N has the same head variable, i.e. N = ~x: xi(N1~x)(N2~x). Since the type of xi has rank 1, M1~x has type , i.e. M1 has type . Similarly, M2 N1, and N2 have type . On the other hand M 6= N implies, say, M1 6= N1. We can thus apply induction to M1 and N1: M1P~ = LM1gx 6= LN1gx = N1P~ : On the other hand, since:

LN = gx:gi(g(N1P~ )(N2P~ )) LM = LN would imply M1P~ = N1P~ and M2P~ = N2P~ . Contradiction. We turn to the second claim. The interesting case is again when M and N have the same head variable. We suppose that M , N , and i are as above. Now M1~x is not necessarily of base type. By induction applied to M1 and N1, there is a vector U~ of terms U1 : : : Um such that M1U~ 6= N1U~ at type . In particular m n, where n is the length of ~x. We set (with h y1 y2 fresh and of rank at most 1): Vi = y1y2:h(y1Un+1 Um )(Uiy1y2)

110


and Vp = Up if p 6= i and p n. The trick about Vi is the following property: (?) Viuv:v=h] = Ui from which (M1V~ Un+1 Um)uv:v=h] = M1U~ follows, and similarly for N1. Therefore: M1V~ Un+1 Um 6= N1V~ Un+1 Um which entails the claim, since M V~ reduces to a term which starts with h(M1V~ Un+1 Um ) and similarly for N1. 2 We now show how theorem 4.5.9 yields Friedman's theorem as a corollary. All we have to check is that if two trees built only using application from variables g : ! ! and c : are di erent, then their semantics in F are di erent. We assume more precisely that D is !, and we pick a pairing function pair which is injective and such that: 8 m n (m < pair (m n) and n < pair (m n)) : Then we interpret g by (the curried version of) pair , and c by any number, say 0. It is easy to prove by induction that if s t are two distinct trees, then their interpretations are di erent, using these two properties of pair . This shows the hard implication in the equivalence stated in theorem 4.5.9, and completes thus our second proof of Friedman's theorem. We now come back to logical relations. As a second kind of application, we consider the so-called denability problem. Given an extensional model M, is it possible to characterize the elements d such that d = M ] for some closed M ? A positive answer was given by Jung and Tiuryn JT93]. It is an elegant construction, based on Kripke logical relations, which we dene next (in the particular setting we need). Denition 4.5.12 A Kripke logical relation over an extensional model M is given by a family of sets R~ (D~ ! D ) satisfying the following so-called Kripke-monotonicity condition: f 2 R~ ) (8 ~ 0 f 2 R~ ~ ) : where (d~ d~0) = d~. A Kripke logical relation is extended to all types as follows: f 2 R~ 1!2 , 8 ~ 0 g 2 R1 ~ d~d~0: f (d~)(g(d~ d~0)) 2 R2 ~ : 0

~

0

~

0

We write R for R~ when ~ is of length 0. An element d 2 D is called invariant under R if d 2 R . A Kripke C -logical relation is a Kripke logical relation such that c] is invariant for all c 2 C .


111

Each set R~ can be viewed as a relation over D whose arity is the cardinality of D~ . In this sense, Kripke logical relations are of variable arities. It is easy to check that Kripke-monotonicity extends to all types: f 2 R~ ) (8 ~0 f 2 R~ ~ ) : 0

Theorem 4.5.13 Let M be an extensional model. Then d is denable, i.e. d = M ] for some closed term M , if and only if d is invariant under all Kripke C -logical relations. Proof. ()) This is a variant of the fundamental lemma of logical relations. The statement needs to be extended to subscripts ~ and to open terms. The following extended statement is proved straightforwardly by induction on M . For any x1 : 1 : : : xn : n ` M : , for any ~, for any f1 2 R~ 1 : : : fn 2 R~ n : M ] hf1 : : : fni 2 R~ : (() We actually prove a stronger result. We exhibit a single Kripke logical relation which characterizes denability. This relation S is dened as follows:

S~ = f M ] j ~x : ~ ` M : g : The proof that S satises Kripke-monotonicity requires an additional assumption on the interpretation function in the concrete description of extensional model, which we detail now. If ~x : ~ ` M : is a provable judgment, then ~x : ~ x~0 : ~0 ` M : is also provable, for any ~0. We require: ~x : ~ x~0 : ~0 ` M : ] = ~x : ~ ` M : ] : Kripke monotonicity follows straightforwardly. We next claim: 8 ~ S~ = f M ] j ~x : ~ ` M : g : Then the statement follows, taking the empty ~. We prove the two inclusions of the claim by mutual induction on the size of the type , for = 1 ! 2: () By induction applied at 1 ($), we have: ~x : ~ y : 1 ` y : 1] 2 S~ 11 : Let f 2 S~ 1!2 . By denition of S at 1 ! 2, we have d~d1: f (d~)(d1) 2 S~ 21 : By induction applied at 2 (), there exists ~x : ~ y : 1 ` M : 2 such that, for all d~ d1: ~x : ~ y : 1 ` M : 2] (d~ d1) = f (d~)(d1) :

112


It follows that x:M ] = f . ($) Let ~x : ~ ` M : 1 ! 2. Let g 2 S~ 1 ~ . By induction applied at 1 (), there exists ~x : ~ x~0 : ~0 ` N : 1 such that g = N ] . We have to prove: ~x : ~ x~0 : ~0 ` MN : 2] 2 S 2~ 0

~

0

2

which holds by induction applied at 2 ($).

If we restrict our attention to terms whose type has at most rank 2, and if we require that the constants in C also have a type of rank at most 1, then we can get around variable arities. The following theorem is due to Sieber. It was actually obtained before, and provided inspiration for, theorem 4.5.13. Given an extensional model M = fD g, and a function f 2 D , given a matrix fdij gipjn , we wonder whether there exists a closed term M such that, for each line of the matrix, i.e., for all i p: M ] (di1) (din ) = f (di1 ) (din ) and we consider to this aim C -logical relations of arity p, containing the columns of the matrix. If we can exhibit such a logical relation which moreover does not contain the vector (f (d11) (d1n ) : : : f (dp1) (dpn)), then the answer to our question is negative, by the fundamental lemma. Sieber's theorem asserts that this method is complete. Theorem 4.5.14 Consider a set C of constants whose types have at most rank 1. Let M be an extensional model for &(C ), and let = 1 ! ! n ! be a type with rank at most 2. Let fdij gipj n be a matrix where dij 2 D j , for any i j , and let, for all i p:

ei = f (di1) (din ) : The following properties are equivalent: (1) There exists ` M : such that, for all i p:

M ] (di1) (din ) = ei : (2) For every p-ary C -logical relation R, the following implication holds: (z) (8 j n (d1j : : : dpj ) 2 R j )

)

(e1 : : : ep) 2 R :

(3) The logical relation S dened at by:

S = f(a1 : : : ap) j 9 ` N : 8 i p N ] (di1) (din ) = aig contains (e1 : : : ep).


113

Proof. (1) ) (2) This implication holds by the fundamental lemma.

(2) ) (3) Suppose that we have shown that S is C -logical. Then, by (2), S satises (z). The conclusion will follow if we prove that S in fact satises the hypothesis of (z). If N and (a1 : : : ap) are as in the denition of S , it is convenient to call N a witness of (a1 : : : ap). If (d1j : : : dpj ) is at base type, then we take ~x:xj as witness. If (d1j : : : dpj ) have types of rank at most 1, say 2, we have to check, for any (a1 : : : ap) (b1 : : : bp) 2 S : (d1j (a1)(b1) : : : dpj (ap)(bp)) 2 S : Since ~a and ~b are at base type (this is where we use the restriction on types of rank 2 in the statement), by denition of S there are witnesses N and P for them. Then ~x:xj (N~x)(P~x) is a witness for (d1j (a1)(b1) : : :dpj (ap)(bp)). The argument to show that S is C -logical is similar to the argument just used (left to the reader). (3) ) (1) Obvious by denition of S . 2 If the base domain D is nite, then all the D 's are nite, and the complete behaviour of f can be described by a matrix. By the characterization (2) of theorem 4.5.14, the denability problem is then decidable at rank at most 2: try successively all C -logical relations R (there are nitely many of them). The following proposition, due to Stoughton Sto94], paves the way towards a more realistic decision procedure. We call intersection of two logical relations S1 and S2 the relation S3 dened at by:

S3 = S1 \ S2 : We write S3 = S1 \ S2. We can similarly dene an arbitrary intersection of logical relations. When C consists of constants whose types have at most rank 1, then any intersection of C -logical relations is C -logical.

Proposition 4.5.15 The relation S in theorem 4.5.14(3), is jthe intersection of all the C -logical relations satisfying 8j n (d1j : : : dpj ) 2 R . Proof. Let S 0 be the intersection mentioned in the statement. We have S 0 S . Conversely, if (a1 : : : ap) 2 S , then, by denition of S , there exists an N such that 8 i p ` N ] (di1) (din ) = ai, which implies (a1 : : : ap) 2 S by the fundamental lemma, and by the denition of S 0. 2

By this proposition, it is enough to construct progressively S 0, starting from the assumptions that S 0 contains the vectors (d1j : : : dpj ) (j n). If the construction nishes without having met ~e, then there is no M for f and fdij gipjn . We illustrate this with an example which will be important in the sequel.

114


Very Finitary Pcf. We set C = f? > if then g. We set D = O, the at

domain f? >g, and we build the model in the category of partial orders and monotonic functions. The meanings of ` ? : and ` > : are ? 2 D and > 2 D . The last constant is a unary test function: if ? then d = ? if > then d = d : This language is known as Very Finitary Pcf (Finitary Pcf is coming next, and Pcf is the subject of chapter 6). We claim that there is no closed term M in this language such that: M ] (?)(>) = > M ] (>)(?) = > M ] (?)(?) = ? : We begin the construction of S 0. It should contain the two columns (? > ?) and (> ? ?). Since it has to be a C -logical relation, it also has to contain (? ? ?) and (> > >). It is easy to see that this set of pairs makes if then invariant. We have completed the denition of S 0. Since S 0 does not contain (> > ?), there is no M meeting the above specication. On the other hand, if the decision procedure yields a positive answer, it would be nice to produce the dening term as well. Here is an indication of how this may be done. We refer to Sto94] for details. We now consider a function F : ( ! ! ) ! such that: F (g1) = > F (g2) = > F (?) = ? where g1 is a function such that g1(>)(?) = >, g2 is a function such that g2(?)(>) = >, and ? is the constant ? function. We exhibit a closed term M such that: M ] (g1) = > M ] (g2) = > M ] (?) = ? : We begin the construction of S 0 as we did in the previous example, but now we build pairs (d~ P ), where d~ is a member of S 0, and where P is a term. We start with ((? ? ?) ?), ((> > >) >), and ((g1 g2 ?) g), where g is a variable of type ! ! . By denition of a logical relation, S 0 has to contain: (g1(>)(?) g2(>)(?) ?(>)(?)) = (> ? ?) : We form the pair ((> ? ?) g(>)(?)) to keep track of how we obtained this new vector. Similarly, we obtain ((? > ?) g(?)(>)). Finally, taking these two new vectors as arguments for g, we build the vector which we are seeking: ((> > ?) g(g(>)(?))(g(?)(>))) : The term M = g:g(g(>)(?))(g(?)(>)) satises the requirements, by construction.


115

Finitary Pcf. The same counter-example and example also live in the follow-

ing language, called Finitary Pcf. We now set C = f? tt if then else g. We set D = B? , the at domain f? tt g. Again, we build the model in the category of partial orders and monotonic functions. The meanings of ` ? : , ` tt : , and ` : are ? 2 D , tt 2 D , and 2 D . The last constant is the usual conditional: if

?

then d else e = ? if tt then d else e = d if then d else e = e :

The advantage of Finitary Pcf (and of its associated model) over Very Finitary Pcf is that it allows for an elegant characterization of the C -logical relations (also due to Sieber), which we give now.

Denition 4.5.16 ((Sieber-)sequential) The C -logical relations for Finitary Pcf and its monotonic function model are called sequential relations. Consider n over B? , where A B f1 : : : ng: the following n-ary relations SAB n (d1 : : : dn ) 2 SAB

,

(9 i 2 A di = ?) or (8 i j 2 B di = dj ) :

A Sieber-sequential relation is an n-ary logical relation S such that S is an n . intersection of relations of the form SAB

The word \sequential" will be justied in section 6.5.

Theorem 4.5.17 A logical relation over Finitary Pcf is sequential if and only

if it is Sieber-sequential.

(() All base type constants are invariant, since constant vectors satisfy trivially n . We check only that the conditional the second disjunct in the denition of SAB is invariant. If its rst argument d = (d1 : : : dn ) satises the rst disjunct, or the second disjunct with the common value equal to ?, then the result vector e = (e1 : : : en) satises the same property by strictness of the conditional function. Otherwise, if, say, di = 0 for all i 2 B , then the coordinates ei for i 2 B are those n . of the second argument. Since A B , this entails e 2 SAB n 's ()) Let R be n-ary and sequential, and let S be the intersection of all SAB containing R . We prove S R . We pick d = (d1 : : : dn ) 2 S , and we show, by induction on the size of C f1 2 : : : ng: 9 e = (e1 : : : en ) 2 R

(8 i 2 C ei = di) :

If C = fig is a singleton, then we choose e = (di : : : di). We suppose now that ]C 2, and we distinguish cases. 1. di = ? for some i 2 C :

116

CHAPTER 4. INTERPRETATION OF -CALCULI IN CCC'S (a) R SCn nfigC : Then d 2 SCn nfigC , by denition of S , and either dk = ? for some k 2 C nfig, or all dj 's are equal, for j 2 C . Since di = ?, the latter case is rephrased as: all dj 's are ?. Recalling that ]C 2, we have thus, in either case: 9 k 2 C nfig dk

=?:

We apply induction to both C nfig and C nfkg, obtaining v 2 R and w 2 R , respectively. There are again two cases: i. If vi = di (= ?), then v works for C . ii. If vi 6= ?, say, vi = tt , consider the term:

M = xy: if x then y else x and set:

f = M ] and e = (f (v1)(w1) : : : f (vn)(wn )) : First, e 2 R by sequentiality of R. Second, we show that e coincides with d over C . By denition of M , for any x y, we have f (x)(y) = x or f (x)(y) = y. This implies that e does the job over C nfi kg, over which v and w coincide. Since v coincides with d over C nfig, we have vk = dk = ?, hence f (vk )(wk ) = ? = dk , since f is strict in its rst argument. Finally, since vi = tt , we have f (vi)(wi) = wi = di. (b) R 6 SCn nfigC : Let u 2 R nSCn nfigC . By denition of SCn nfigC , there exists k 2 C such that uk 6= ui (negation of 8 j k 2 C uj = uk ) uk 6= ? (negation of 9 j 2 C nfig uj = ?) : We suppose, say, that uk = tt . Let, as in the previous case, v and w be relative to C nfig and C nfkg, respectively. We now consider the term N = xyz: if x then y else z, and we set:

g = N ] and e = (g(u1)(v1)(w1) : : : g(un )(vn)(wn)) : We check that e works for C . Let j 2 C nfig, since u 62 SCn nfigC , we have uj 6= ?. Hence g(uj )(vj )(wj ) passes the test, and is either vj or wj . For j 2 C nfi kg, both are equal to dj . Suppose now that j = k. We have g(uk )(vk )(wk ) = vk = dk . Finally, let j = i. We know from above that ui 6= uk . If ui = ?, then g(ui)(vi)(wi) = ? = di since g is strict in its rst argument. If ui 6= ?, then ui = , hence g(ui)(vi)(wi) = wi = di.


117

2. 8 i 2 C di 6= ?: We treat this case more briey. There are two cases: n : Then d 2 S n by the denition of S , and we can take a (a) R SCC CC constant vector e. n : We take u 2 R such that u 6= ? for all i 2 C and such (b) R 6 SCC i that ui 6= uj are di erent for some i j in C , say, ui = tt and uj = . Let: C1 = fk 2 C j uk = uig C2 = fk 2 C j uk = uj g : We can apply induction to C1 and C2, obtaining v and w. Then the proof is completed with the help of N = xyz: if x then y else z. 2 Here is an example of the use of Sieber-sequential relations, taken from Sie92]. Exercise 4.5.18 Show that there is no term of Finitary Pcf of type ( ! ! ) ! such that:

F (g1) = tt F (g2) = tt F (g3 ) = tt F (?) = ?

where g1 g2 g3 are such that:

g1(?)( ) = tt g1 ( )(tt ) = tt g2(tt )(?) = tt g3(?)(tt ) = tt : Hints: (1) Notice that (0 0 0 ?) 62 Sf4123gf1234g. (2) The relations Sf412gf12g and Sf413gf13g arise when trying to prove that (g1 g2 g3 ?) 2 Sf4123gf1234g.

Exercise 4.5.19 Let g1 g2 be the functions whose minimal points are described by:

g1 ( )(?)(?) = g1(tt )(tt )(tt ) = tt g2 (?)( )(?) = g2(tt )(tt )( ) = tt : Show that there is no closed term M of Finitary Pcf of type ( ! ! ! ) ! such that g1 and g2 are the only minimal points of M ] . Generalise this to rst-order functions g1 et g2 (of the same type) whose minimal points are described by: g1 (A0) = a0 g1(B0) = b0 g2 (A1) = a0 g2(B1) = b1 where a0 6= b0, a0 6= b1, A0 " A1 (i.e. 9 A A A0 A1), B0 6" B1 , B0 6" A1 and A0 6" B1 . (Hint: Find g3 such that (g1 g2 g3) 2 Sf312gf123g.) It is presently unknown whether the denability problem for Finitary Pcf is decidable at all types. (See also the related open problem at the end of section 6.4.) On the other hand, Loader has shown that denability is undecidable for \Finitary -calculus", that is, -calculus without constants, and whose base types are interpreted by nite sets Loa94].

118


4.6 Interpretation of the Untyped -Calculus

We recall the grammar and the basic computation rule of the untyped -calculus (cf. chapter 2).

Terms :

v ::= x j y j : : : M ::= v j (v:M ) j (MM ) -reduction : (x:M )N ! M N=x] : In order to use the work done in the typed case, it is useful to represent the untyped calculus as a typed calculus with a special type , and the following typing rules: x : 2 ; ; x : ` M : ; ` M : ; ` N : ; ` x : ; ` x : :M : ; ` MN : Observe that if a type ! could contract into a type in the introduction rule, and vice versa, if the type could expand into a type ! in the elimination rule, then we would have the same rules as in the simply typed -calculus. In other words, we can apply the standard apparatus provided we have a type whose elements can be seen both as arguments and as functions. The following denition makes this intuition formal.

Denition 4.6.1 An object D in a CCC C is called reexive if there is a pair (i j ), called retraction pair, such that:

i : DD ! D j : D ! DD j i = id : We simply write DD / D to indicate the existence of a retraction pair.

The domain-theoretical construction described in section 3.1 can be used to build reexive objects in the category of cpo's. Next, we describe a di erent construction with a set-theoretical avour that serves the same purpose. The resulting models are usually called graph-models.

Example 4.6.2 (graph-model) Let A be a non-empty set equipped with an in-

jective coding h i : Pfin(A) A ! A In the following we denote with a b : : : elements of A with : : : elements of Pfin (A) and with X Y : : : elements of the powerset P (A). We dene for f 2 DcpoP (A) P (A)]:

Graph(f ) = fh ai j a 2 f ()g 2 P (A) : Vice versa for X 2 P (A), we dene Fun(X ) : P (A) ! P (A) as follows:

Fun(X )(Y ) = fa j 9 (h ai 2 X and Y )g :

4.6. INTERPRETATION OF THE UNTYPED -CALCULUS

119

Proposition 4.6.3 Given any non-empty set A with an injective coding h i : Pfin (A) A !

A the complete lattice P (A), ordered by inclusion, is a re exive object in Dcpo, via the morphisms Graph and Fun. Proof. We take the following elementary steps:

Graph is monotonic: f g ) Graph(f ) Graph(g). W Graph preserves directed lub's, namely ffi gi2I directed implies Graph( i2I ffi g) S W W i2I Graph(fi ). We observe h ai 2 Graph( i2I ffi g) i a 2 ( i2I ffi g)() = S i2I fi () i a 2 fi (), for some i 2 I . Fun is monotonic in both arguments: if X X 0 , Y Y 0 then Fun(X )(Y ) Fun(X 0)(Y 0). Fun is continuous in both arguments: if fXi gi2I , fYj gj 2J are directed then Fun(Si2I Xi)(Sj2J Yj ) Si2Ij2J Fun(Xi)(Yj ). (Graph Fun) is a retraction: Fun(Graph(f ))(X ) = f (X ). Notice that this is the only condition that depends on the assumption that the coding is injective. 2

The construction of the graph-model is parametric with respect to the choice of the set A and of the coding h i. If we dene a coding h i : Pfin(!) ! ! ! where ! is the collection of natural numbers, then we obtain a family of reexive objects also known as P (!) graph-models.

Exercise 4.6.4 Build an example of a coding h i : Pfin(!) ! ! !. The so called DA graph-models are obtained by a \free construction" of the coding function. Let At be a non empty set. We suppose that elements in At are atomic, in particular they cannot be regarded as pairs. Dene: 8 > < A0 = At A = An f( a) j 2 Pfin(An) a 2 Ang > : An+1 = Sn
Exercise 4.6.5 Verify that h i : Pfin(A) A ! A dened as h ai = ( a) is the desired coding.

Having veried the existence of various techniques to build reexive objects in CCC's, we introduce in gure 4.7 the interpretation of the untyped -calculus in these structures. This is the same as the interpretation of the simply typed -calculus up to insertion of the maps i j which collapse the hierarchy of types to D. The notion of -theory (cf. denition 4.4.1) is readily adapted to the untyped case.

120

CHAPTER 4. INTERPRETATION OF -CALCULI IN CCC'S (Asmp) x1 : : : : xn : ` xi : i] = ni (!I ) ; ` x : :M : ] = i &(; x : ` M : ] ) (!E ) ; ` MN : ] = ev hj ; ` M : ] ; ` N : ] i Figure 4.7: Interpretation of the untyped -calculus in a CCC

Denition 4.6.6 Let T be a collection of judgments of the shape ; ` M = N :

such that ; ` M : and ; ` N : . T is an untyped -theory if it is equal to the smallest set containing T and closed under the rules obtained from gure 4.6 by replacing all types with the type .

Every interpretation induces an untyped -theory. Theorem 4.6.7 Let C be a CCC with a re exive object D and ] be an interpretation of the untyped -calculus dened over C in the sense of gure 4.7. Then the following collection is an untyped -theory Th(C) = f; ` M = N : j ; ` M : ; ` N : ; ` M : ] = ; ` N : ] g : Proof hint. The proof of this result follows the same schema as in the typed case. The crucial point is to verify the substitution theorem. 2 Next we describe a general construction, called Karoubi envelope that given a reexive object D in a CCC, produces a new CCC of retractions over D. Apart for its intrinsic interest, this construction can be adapted to reverse the previous theorem, namely to show that every untyped -theory is the theory induced by a reexive object in a CCC a result very much in the spirit of theorem 4.4.4. The construction is similar to that described next in the proof of theorem 4.6.9. The di erence is that rather than starting with a reexive object in a CCC one starts from a -theory and the related monoid of terms and composition (see Sco80] for details). Denition 4.6.8 (Karoubi envelope) Let C be a CCC and D be a re exive object in C. The Karoubi envelope is the category Ret(D) of retractions over D dened as follows: Ret(D) = fr : D ! D j r r = rg Ret(D)r s] = ff : D ! Djs f r = f g : Theorem 4.6.9 If C is a CCC and (D i j ) is a re exive object in C then Ret(D) is a CCC.

4.6. INTERPRETATION OF THE UNTYPED -CALCULUS

121

Proof. The proof is a matter of translating -calculus encodings into the cate-

gorical language and checking that everything goes through. Here we just remind the reader of the encoding. When we write -terms for building morphisms it is intended that one has to take the interpretations of such -terms. In the untyped -calculus we can dene a xed point combinator Y = f:(x:f (xx))(x:f (xx)), and terms for pairing and projections: ] = x:y:p:pxy p1 = p:p(x:y:x) p2 = p:p(x:y:y)

so that p1x y] = x, p2x y] = y. Terminal Object. In a CCC we have a unique morphism # : D ! 1. Moreover if we take Y (x:x) we get a morphism from 1 to D. From this follows 1 / D. Then we take the retraction determined by 1 as the terminal object in Ret(D). Product. The pairing and projections dened above show that D D / D via a retraction that we denote with h i : D D ! D, (1 2) : D ! D D. If r and s are retractions then we dene their product as:

r s = x:hr(1(x)) s(2(x))i :

Exponent. If r and s are retractions then dene their exponent as:

r ! s = x:i(s j (x) r) :

2

As a second application of the category of retractions, we use Ret(D) as a frame for an abstract formulation of Engeler's theorem Eng81] on the embedding of algebras in -models. In the following, C is a CCC with enough points (cf. denition 4.5.4) and D is a reexive object in C. Let ! fini gi2I be a nite signature, that is a nite collection of names of operators i with the relative arity ni. We are interested in a notion of !-algebra in which the carriers are objects in Ret(D) and the operators are maps in Ret(D) of the appropriate type.

Denition 4.6.10 (!D -algebra) A !D -algebra is a pair (r ffigi2I ) where r 2 Ret(D), and for all i 2 I , fi : Dni ! D, rni stands for r r ni times, and

r fi rni = fi. A morphism of !D -algebras h : (r ffigi2I ) ! (r0 fgigi2I ) is a morphism h : D ! D such that r0 h r = h, and for all i 2 I , h fi rni = gi (h r)ni .

Theorem 4.6.11 (embedding !D -algebras) There is a !D -algebra (id fFigi2I ) such that any other !D -algebra (r ffigi2I ) can be embedded into it by a monomorphism.

122


Proof. For the sake of simplicity we just consider the case ! = f 2 g. Assume

that h i, and 1, 2 are, respectively, the pairing and the projections denable in the -calculus as in the proof of theorem 4.6.9. We take F = (x1 x2):(2x1)x2 . We note that recursive denitions are available in the untyped -calculus thanks to the xed point combinator. Given the !D -algebra (r ff g) we dene recursively a morphism : D ! D as follows:

(a) = ha x:(f (a 1x))i : The basic idea of the embedding is to put into the data the information on the behaviour of the operations dened on them. In the rst place let us observe that is a mono as (we use the enough points hypothesis):

(a) = (b)

)

a = 1((a)) = 2((b)) = b :

Clearly r : r ! id in Ret(D) as r = id r r. Also since r(f (rx ry)) = f (rx ry) we have:

F ((ra) (rb)) = (x:(f (ra 1x)))(rb) = (f (ra 1(rb))) = (f (ra rb)) = ( r)(f (ra rb)): Therefore r : (r ff g) ! (id fF g) is a !D -algebras mono-morphism.

2

Remark 4.6.12 The following describes a schema for coding nite signatures which suggests how to generalize the previous proof. Given ! = f f11 : : : fnn g dene: (a) = ha h(f1 a) hx:(f2 a(1x)) where:

hx1 : : : xn :(fn a)(1x1) (1xn ) #i i

F1 = x:1(2(2x)) F2 = x:1(2(2(2x)))

Fn = x:1(2 (2x) ) with n + 1 2's :

Chapter 5 CCC's of Algebraic Dcpo's In this chapter, we provide a ner analysis of algebraicity. The central result { which was conjectured by Plotkin and was rst proved in Smy83a] { is that there exists a maximum cartesian closed full subcategory (full sub-CCC) of !Acpo (the category of !-algebraic cpo's). Jung has extended this result: he has characterised the maximal cartesian closed full subcategories of Acpo and Adcpo (and of !Adcpo as well). In section 5.1, we dene continuous dcpo's. Theyr are dcpo's where approximations exist without being necessarily compact. Continuous lattices have been investigated in depth from a mathematical perspective GHK+80]. Our interest in continuous dcpo's arises from the fact that retracts of algebraic dcpo's are not algebraic in general, but are continuous. Much of the technical work involved in our quest of maximal full cartesian closed subcategories of (d)cpo's involves retracts: they are smaller, hence easier to work with. In section 5.2, we introduce two cartesian closed categories: the category of pronite dcpo's and the category of L-domains, both with continuous functions as morphisms. In section 5.3, we show that the algebraic L-domains and the binite domains form the two maximal cartesian closed full subcategories of Acpo, and derive Smyth's result for !Acpo with little extra work. In section 5.4, we treat more sketchily the situation with Adcpo. The material of sections 5.3 and 5.4 follows Jun88]. In section 5.5, we show a technical result needed in section 5.3: a partial order is a dcpo if and only if all its well-founded subsets have a lub.

5.1 Continuous Dcpo's In order to dene algebraic dcpo's, we rst introduced the notion of compact element, and then we dened algebraicity. The denition of continuous dcpo's is more direct, and more general. 123

CHAPTER 5. CCC'S OF ALGEBRAIC DCPO'S

124

Denition 5.1.1 (continuous dcpo) Let D be a dcpo. For elements x y 2 D,

we say that x is way-below y, and write x % y , if _ directed y ) 9 2 x : D is called continuous if for any x in D, + x = fy j y % xg is directed and has x as lub. Notice that by denition x is compact i x % x. We leave the proof of the following easy properties as an exercise: If x % y then x y: If x0 x % y y0 then x0 % y0: Clearly, algebraic dcpo's are continuous, but the converse does not hold. Exercise 5.1.2 (cont-nonalg) Show that the interval 0 1] of real numbers is continuous but not algebraic. Hint: Prove that x " y i x = 0 or x < y . Lemma 5.1.3 In a continuous dcpo, x % y holds i the following implication holds: _ directed y = ) 9 2 x : W Proof. Suppose y = ) 9 2 x , for all . Since y = W(+ y), we have x y0 for some y0 % y. Hence x % y since x y0 % y. 2 W Lemma 5.1.4 Let D be a dcpo W and x 2 D. If + x is directed and x = , then + x is directed and x = (+ x). Proof. If y % x, y 0 % x, then by denition y a, y 0 a0 for some a a0 2 . By directednessWwe have a a0 y00 for some y00 2 . HenceWy y0 Wy00 2+ x. The inequality x (+ x) follows from the obvious inequality (+ x). 2

The density property of the real line is generalised as follows. Lemma 5.1.5 (interpolation) In a continuous dcpo D, if x % y , then there exists z 2 D such that x % z % y. Proof. Consider W = fa 2 D j 9 a0 2 D a % a0 % y g. If we show that is directed and = y, then we can conclude, since by denition x % y implies x a for some a 2 , hence x 2 . The set is non-empty, since the directedness of + y implies a fortiori its non emptyness. Thus one can nd at least an a0 % y, and then at least an a % a0. Suppose that a % a0 % y and b % b0 % y. By directedness, there exists c0 2 D such that a0 b0 c0 % y. Hence a b % c0, and by directedness again a b c % c0 for some c, which is in since c %W c0 % Wy. Hence is directed. Since a % a0 % y implies aW % y, we haveW + y . Conversely, if y 0 % y , then + y 0 , hence W W + y = y 2+y + y 0 . 2 0

5.1. CONTINUOUS DCPO'S

125

Lemma 5.1.6 In a continuous dcpo D, minimal upper bounds (mub's) of nite sets of compact elements are compact.

Proof. Let A K(D) be nite, and x 2 MUB (A). Let a 2 A. Since a % a x,

we have a % x. By directedness there exists x0 2+ x \ UB (A). Then x0 x and x 2 MUB (A) imply x0 = x. Finally, x = x0 % x means exactly that x is compact. 2

We move on to retractions and projections (cf. denition 3.1.2, and exercise 4.6.9, which shows important ways of constructing retractions out of other retractions).

Denition 5.1.7 (retraction, projection) In a category, an arrow r : D ! D is a retraction, or an idempotent, if r r = r. In Dcpo the image of a retraction, endowed with the induced ordering, is called a retract. If a retraction r is such that r id, we say that r is a projection.

Projections are determined by their images. Proposition 5.1.8 For two projections p, p0 over the same dcpo D, one has p p0 i p(D) p(D0 ). Proof. Suppose p p0 . If y 2 p(D), then y = p(y ) p0 (y ) y since p p0 id , hence y = p0(y) 2 p0(D). Conversely, notice that for any projection p and any x 2 D one has p(x) = maxfy 2 p(D) j y xg. Then p p0 follows obviously. 2

Lemma 5.1.9 Fix a dcpo D and x 2 D.

1 : # x is a retract of D: 2 : If x is compact, then " x is a retract of D:

Proof. (1) # x = r(D) where

(

yx r(y) = yx ifotherwise :

W W We check that r is continuous. If x, then 8 2 x, hence r( )= W W W = Wr( ). If 6 x, then 9 2 6 x. Then we have r( ) = x, which W implies r( ) = x = r( ). (2) If x = d is compact, we have " d = s(D) where (

xd s(x) = xd ifotherwise :


126

If WW Wd, then 9 2 d W . We W set 0 0 s( ) =W s( ), we deduce s( ) = s( W). so that s( ) = d and s( ) = fdg, hence s(

0 = \ " since obviously If W W 6 d, then 8 2 6 d, ) = s( ). 2

Retractions are at the heart of our interest in continuous dcpo's. Indeed, retracts of algebraic dcpo's are not algebraic in general, but only continuous (see exercise 5.1.11).

Proposition 5.1.10 (continuous retracts) A retract r(D) of a dcpo D is a subdcpo. If D is continuous, then r(D) is continuous.

r(D) be directed. Then r(W ) = W r( ) = W , since 8 2 r( ) = . Suppose that x % y 2 r(D). We show that r(x) is way-below W y in r(D). If y , with r(D), then x W% y implies x for some 2 hence r(x) r( ) = . Since y = r(y) = r( + y) = Wfr(x) j x % yg, we conclude by lemma 5.1.4. 2

Proof. Let

Exercise 5.1.11 Show that any continuous dcpo D is isomorphic to a projection of Ide (D).

We end the section with a topological exercise. Continuous lattices were met (and named so) by Scott in his quest of spaces whose topology could be entirely understood from an underlying partial order Sco72].

Exercise 5.1.12 Let D be a continuous cpo. Show the following properties: 1 : * x is Scott open, and these opens form a basis of Scott topology: W V 2 : If D is a complete lattice, then 8 x 2 D x = f U j x 2 U g: 3 : x " y , y 2 (" x) (the interior of " x):

Exercise 5.1.13 (injective spaces) A topological space D is called injective if whenever X 2 Top, Y X , and f : Y ! D are given, with f continuous for the induced

subspace topology, there exists a continuous extension f : X ! D of f . Show that the following properties are equivalent for a T0 space: 1 : D is injective 2 : D is a retract of a product of copies of O 3 : D is a continuous lattice and its topology is Scott topology: Hints: Every space X is homeomorphic to a subspace of a product (U 2 X O of copies of O. An injective subspace Y of a space X is a retract of X : take id Y : X ! Y . O is continuous, and continuous lattices are stable under products and retractions (cf. proposition 5.1.10). If D is a continuous lattice, Y X , and f : Y ! D, then dene f by: f (x) = WfVff (y) j y 2 Y \ U g j x 2 U g.

5.2. BIFINITE DOMAINS AND L-DOMAINS

5.2 Binite Domains and L-Domains

127

Recall that, if D and E are algebraic, then the step functions d ! e are compact (lemma 1.4.8) , but D ! E need not be algebraic (exercise 1.4.15). One way to ensure algebraicity is to impose bounded completeness (theorem 1.4.12) on D and E . But this assumption can be weakened. Denition 5.2.1 Let (P ) be a preorder, and let A P . The set of minimal upper bounds (mub's) of A is denoted MUB (A), and is called complete if 8 y 2 UB (A) 9 x 2 MUB (A) x y: Consider a continuous function f , and two step functions d ! e f , d0 ! 0e f . We want to constuct a compact upper bound h of d ! e and d0 ! e0 such that h f . Suppose that MUB (d d0) is complete. Then we may choose e00 such that e00 f (d00) for each d00 2 MUB (d d0), and set h1(d00) = e00. In general, one has to consider in turn the compatible pairs d001 d002 2 MUB (d d0), leading to the construction of a new function h2, and so on. At each step we have by construction hn f . There are two di erent further assumptions that allow us to stop this chain, and to ensure that each hn is monotonic (which implies its continuity by construction) and compact. 1. Strengthen the completeness assumption to: 8 y 2 UB (d d0 ) 9 !x 2 MUB (d d0 ) x y: Then the sequence of the hn 's stops at h1, since there are no compatible distinct minimal upper bounds of fd d0g. Moreover, the above e00 can be dened canonically as the only member of MUB (e e0) below f (dW00). This canonicity allows us to prove that h1 is compact (hint: if h1 , take f 2 such that e f (d) and e0 f (d0 ), and show h1 f ). 2. Impose niteness conditions on minimal upper bounds: if MUB (d d0 ) is nite, and if the process of taking minimal upper bounds of minimal upper bounds, and so on, terminates, then the above construction stops at some hn. Moreover the niteness of the description of hn allows to prove that it is compact. This discussion had only a motivating purpose, since we only addressed the construction of a compact upper bound of compacts of the form d ! e, not of any pair of compact approximations of f . The two kinds of assumptions correspond to L-domains and pronite domains, respectively. The rest of the section is devoted to their study. We rst introduce the pronite dcpo's (a terminology due to Gunter) and show that they form a cartesian closed full subcategory of Adcpo. We recall that Dcpo is a cartesian closed category and that lub's of functions are dened pointwise.


128

Denition 5.2.2 (pronite) Let D be a dcpo D. A projection is called nite if

its image is nite. We say that D is pronite if the nite projections p : D ! D form a directed set whose lub is the identity. We denote with Prof the category of pronite dcpo's and continuous functions. A pronite dcpo which is moreover a cpo is called binite. We denote with Bif the full subcategory of binite cpo's.

The terminology \binite", due to Taylor, comes from a more categorical characterisation of pronite and binite dcpo's to be found in chapter 7: they are limits and colimits at the same time (whence \bi") of families of nite (d)cpo's. The binite domains have been rst explored in Plo76], under the name SFP (Sequence of Finite Projections). The following proposition justies the name of nite projections.

Proposition 5.2.3 Let D be a cpo and p : D ! D be a projection such that im(p) is nite. Then every element in im(p) is compact in D and p is compact in D ! D. Moreover, if D is binite, then all compact projections over D have a nite image.

Proof. We suppose x = p(x) and x

_

W , with _

directed in D ! D. Then: _

x ) x = p(x) p( ) = p( ) W Since im(p) is nite, there W is 2 such that p( ) = p( ), hence x p( ) . Next, we suppose p , with directed set in D. We have just proven that: 8x 2 im(p) 9 x 2 (x = p(x) x (x)) Since im(p) is nite, we have that 9 2 8x 2 im(p) (x (x)). WHence 8y (p(y ) (p(y )) (y )). Finally, suppose D is binite, say id = i2I pi with im(pi) nite. Let p be a compact projection. Then p = Wi2I (pi p), and there is i such that p pi p id p p. Hence p = pi p and im(p) im(pi) which is nite. 2

Proposition 5.2.4 (pronite - CCC) 1. Every pronite dcpo D is algebraic,

with: 2. Pronite dcpo's (binite cpo's, respectively) and continuous maps form a cartesian closed category. W Proof. (1) If D is pronite, then x = fp(x) j p nite projectiong, for any xW. It is enough to show that pW(x) is compact, for any nite projection p. If p(x) , then (x)) p( ). Since p( ) is nite, there exists 2 such that W p( p)(x=) p=( p).(pThen p(x) p( ) .

(2) It is enough to check that if D E 2 Prof are pronite, then D E D ! E 2 Prof. For D E , take the set of projections p q = hp 1 q 2i, where


129

p, q are nite projections. For D ! E , dene, for any pair of nite projections p, q on D, E : r(f ) = (x 7! q(f (p(x)))) (cf. exercise 4.6.9) Clearly f is the lub of these r(f )'s. As for the niteness of im (r), observe: there are nitely many functions from p(D) to q (E ) every f such that r(f ) = f restricts to a function f : p(D) ! q (E ), and is determined by this restriction, because f (x) = f (p(x)) for any x. 2 When there are only denumerably many nite projections, a pronite dcpo is called !-pronite. This name is justied by the following exercise.

Exercise 5.2.5 Show that an !-pronite dcpo is !-algebraic. We shall give an alternative characterisation of pronite dcpo's.

Denition 5.2.6 (properties m, M ) We say that a partial order (Y )

satises property m (notation Y j= m) if for all X n Y the set MUB (X ) of mub's of X is complete, i.e., (8 y 2 UB (X ) 9 x 2 MUB (X ) x y ):

satises property M (notation Y j= M ) if it satises property m, with the additional condition that MUB (X ) is nite for any nite subset X .

Theorem 5.2.7 Let D be an algebraic cpo. D is a binite domain i the following properties hold:

1. K(D) j= m, 2. U 1 (X ) = Sn2! U n (X ) is nite for any nite subset of compact elements X ,where U is an operator on subsets dened by U (X ) = fMUB (Y ) j Y n X g: Proof. Notice that in particular, X U (X ) for any X , and MUB (X ) U (X )

if X is nite. Therefore properties (1) and (2) imply that K(D) j= M 1. . ()) Let D be a binite domain. We recall that K(D) = Sfp(D) j p nite projectiong. If X n K(D), then X p(D) for some p, by directedness and proposition 5.1.8. Call Z the set of mub's of X in p(D), which exists, is nite, and is complete in 1

Algebraic dcpo's D such that K(D) satises property M are sometimes called 2/3 SFP.

130


p(D), since p(D) is nite. We rst show: Z MUB (X ). Indeed suppose z 2 Z , z0 2 UB (X ), and z0 < z. Then p(z0) 2 UB (X ) since p(X ) = X p(z0) < z since p(z0) z0 : This contradicts the denition of Z . Thus Z MUB (X ). We next show that Z is a complete set of mub's of X in D. Take y 2 UB (X ) then, as argued above, p(y) 2 UB (X ), and by completeness of Z one may nd z 2 Z such that z p(y), and a fortiori z y. The completeness of Z forces Z = MUB (X ). Therefore MUB (X ) is nite and complete, and MUB (X ) p(D). Similarly, MUB (Y ) p(D) for any Y n X . From there we deduce that U n(X ) p(D) for any n, observing that each subset of X is a fortiori included in p(D). (() Let A be a nite set of compacts. Then we claim: 8 y 2 D U 1 (A)\ # y is directed (i.e., according to a terminology which will be introduced in denition 7.4.6, U 1 (A) is normal). This is shown as follows: if x x0 2 U 1(A)\ # y, then MUB (x x0) U 1 (A), and by completeness MUB (x x0)\ # y 6= . By the claim we can set _ pA (y) = (U 1(A)\ # y): It is left to the reader to check that this gives a directed set of nite projections having id as lub. 2 Notice that, in the proof of ((), we have used only mub's of pairs. The following result goes in the same direction.

Lemma 5.2.8 Let (D ) be a partial order. If MUB (X ) is complete and nite for every subset X such that ]Y every nite subset X .

2, then MUB (X ) is complete and nite for

Proof. Let X = fa1 : : : an g. We construct

M2 = MUB (a1 a2) : : : Mn =

MUB (x an):

x2Mn

1

;

If x is an upper bound of X , then by completeness x dominates an element of M2. Continuing in the same way, we nd an element y of Mn below x. Suppose moreover x 2 MUB (X ): then x = y, since by construction Mn UB (X ). We have proved MUB (X ) Mn . Since Mn is nite, MUB (X ) is a fortiori nite. 2 Exercise 5.2.9 Let X be nite. Show that if there exists Y n " X such that 8 x 2" X 9 y 2 Y y x, then MUB (X ) is nite and complete.


131

(A) D = ! f? a bg (where ! = fn j n 2 !g is a copy of !), ordered as follows: 8 x = ? or > > < x = a and y 2 ! or x y i > x = b and y 2 ! or > :

x = n y = m and m n

In this example, U (fa bg) fails to be complete. (B) D = fa bg !, ordered as follows: 8n

a b < n

In this example, U (fa bg) fails to be nite. (C) D = fa bg !L !R (where !L = fnL j n 2 !g and !R = fnR j n 2 !g), ordered as follows: 8 m n a b < mL nR m n ) mL nL and mR nR m < n ) mL < nR and mR < nL In this example, U 1(fa bg) fails to be nite. Figure 5.1: Dcpo's that fail to be pronite

Exercise 5.2.10 Show that D is binite i the conditions stated in theorem 5.2.7 hold, S replacing the operator U by the operator U 0 (X ) = fMUB (Y ) j Y X and ]Y 2g. Show that if D is binite, then U 1 (X ) = U 01 (X ). Figure 5.1 illustrates how an algebraic dcpo may fail to be pronite. The function spaces of examples (A) and (C) are not algebraic (cf. exercise 1.4.15 and proposition 5.3.7). The function space of example (B) is algebraic, but not !-algebraic. It is an example of L-domain, which we shall introduce next. Denition 5.2.11 (L-domain) An L-domain2 is a cpo D such that 8 A n D 8 x 2 UB (A) 9 !y x y 2 MUB (A): Notice that in the deniton of L-domain we have traded the niteness condition of property M against a uniqueness assumption. 2

See also denition 12.5.4 and exercise 12.5.6.

132


Example 5.2.12 The following is a minimal example of a nite partial order which is not an L-domain: D = fa b c d eg with a b c d e. For algebraic cpo's, we can limit ourselves to nite sets of compact elements.

Exercise 5.2.13 Show that an algebraic cpo is an L-domain i 8 A n K(D) 8 x 2 UB (A) 9 !y x

y 2 MUB (A):

Hint: if A = fx1 : : : xn g, consider the sets fe1 : : : en g, where the ei 's approximate the xi 's.

Exercise 5.2.14 (1) Show that one can restrict denition 5.2.11 to the A's which have cardinal 2 without loss of generality (hint: the uniqueness is essential). (2) Show that, if D is algebraic, we may restrict ourselves to compacts, i.e., A n K(D).

Hence L-domains are \locally" bounded complete: any bounded subset is bounded complete.

Proposition 5.2.15 A cpo D is an L-domain i

D j= m and U 1(A) = U (A) for all nite subsets A of D: Proof. ()) Property m holds a fortiori. To show U 1 (A) = U (A). it is enough to prove U 2 (A) U (A). Let x 2 MUB (B ), for a nite B U (A), and letS Ab be a nite subset of A of which Sb is a mub, for any b 2 B . We show S x 2 MUB ( b2B Ab). By construction x 2 UB ( b2B Ab). Suppose x y 2 UB ( b2B Ab). By property m, y b0 for some mub b0 of Ab. By uniqueness of the mub of Ab below x, we get b0 = b. Hence y B and y = x. (() Let x A n D. By property m there exists a 2 MUB (A) such that a x. Let a0 x be such that a0 2 MUB (A). By applying m again, there exists b 2 MUB (a a0) such that b x. Since U 1(A) = U (A), we have b 2 U (A), i.e., b 2 MUB (A0) for some A0 A. Since a a0 2 UB (A), we get a = b = a0. This proves the uniqueness of a. 2 So far, we have made use of the dcpo structure only. The following proposition involves step functions, which are dened with the help of ?.

Proposition 5.2.16 (L-CCC) The category of L-domains and continuous functions is cartesian closed. The full subcategory L of algebraic L-domains is cartesian closed.

Proof. Suppose that f g h are in D ! E . Then f (x) g (x) h(x). Dene

k(x) as the minimum upper bound of f (x) g(x) under h(x). This function k is the minimum upper bound of f g under h (to check the continuity of k, given ,


133

one works in # h(W )). If D and E are algebraic, then we already know that any h is the lub of the set of compact functions below it. We have to check that this set is directed. This follows from the bounded completeness of # h (cf. theorem 1.4.12 ). 2 As a last result in this section we show that the terminal object, products, and exponents in a full subcategory of Dcpo, if any, must be those of Dcpo.

Proposition 5.2.17 Let C be a full subcategory of Dcpo. We denote by , ! the product and the exponent in Dcpo. We write D = E when D and E are isomorphic in Dcpo, which amounts to D and E being isomorphic in the category of partial orders. Then the following properties hold: 1. If C has a terminal object ^1, then ^1 is a one point cpo. 2. If C has a terminal object ^1 and products D^ E , then D^ E = D E. 3. If C has terminal object ^1, binary products, and exponents D! c E , then D! c E = D ! E.

Proof. (1) If ^1 is terminal and has distinct elements x y , then the constant

functions z 7! x z 7! y : ^1 ! ^1 are continuous and distinct: contradiction. In the sequel we freely confuse x 2 d and x : ^1 ! D. (2) Let D E 2 C. Consider the products: (D^ E c1 c2) in C with pairing denoted by bh bi (D E 1 2) in Cpo with pairing h i : We show that hc1 c2i : D^ E ! D E is an isomorphism in Cpo: ^ E: hc1 c2i is injective: We have, for any x x0 2 ^1 ! D c1 x = c1 x0 and c2 x = c2 x0 hc1 c2 i x = hc1 c2i x0 , c2bi x = bhc1 c2bi x0 , bhc1 , x = x0 :

is surjective: Let (y z) 2 D E . We have: (y z) = hc1 c2i(bhy zbi), since c1(bhy zbi) = y and c2(bhy zbi) = z. If (y z ) (y 0 z 0), then bhy zbi bhy 0 z 0bi: We can assume the existence of an object C 2 C containing at least two elements c c0, such that c < c0: indeed, if C only admits objects of cardinality 1 then the proposition is trivially true, and if C contains only discretely ordered sets, then in particular D E are discretely ordered, and so are D^ E (as an object of C) and D E (by the denition of

hc1 c2i


134

product in Dcpo). With this xed C , for any D and x x0 2 D such that x x0, we can build a continuous map fxx : C ! D as follows: 0

(

yc fxx (y) = xx0 ifotherwise : 0

With the help of these functions, we have bhy zbi = bhfyy fzz bi c bhy 0 z 0bi = bhfyy fzz bi c0 : 0

0

0

0

Thus, by monotonicity of bhfyy fzz bi, we get bhy zbi bhy0 z0bi. (3) Given (1) and (2), we may work directly with the standard product . Consider the exponents: (D! c E ev ^ ) in C, with currying denoted by &^ (D ! E ev) in Cpo, with currying denoted by & : 0

0

We show that &(ev ^ ) : (D! ^ E ) ! (D ! E ) is an iso. &(ev ^ ) is injective: If &(ev ^ )(h) = &(ev ^ )(h0), then ev ^ (h id ) = ev^ (h0 id ) by the bijectivity of &. This entails: h = &^ (ev^ (h id )) = &^ (ev^ (h0 id )) = h0:

&(ev ^ ) is surjective: Let f : D ! E . We have f = &(ev^ )(&^ (ev)(f )) since &(ev ^ ) &^ (ev) = &(ev^ (&^ (ev) id )) = &(ev) = id : g g0 ) &^ (ev)(g) &^ (ev)(g0): Consider fgg : C ! (D ! E ). We have 0

&^ (ev)(g) = = = = Let k = &^ (ev (fgg conclusion follows.

0

&^ (ev (g id )) &^ (ev ((fgg c) id )) &^ (ev (fgg id ) (c id )) &^ (ev (fgg id ))(c) : ^ (ev)(g) = k(c) and &^ (ev)(g0) = k(c0) The id )). Then & 0

0

0

2

5.3 Full Sub-CCC's of Acpo * This section is devoted to Jung's classication theorem for algebraic dcpo's. Both Ldomains and binite domains satisfy property m. We shall rst prove that this property is necessary. Actually we prove that bicompleteness is necessary (which is stronger).

5.3. FULL SUB-CCC'S OF ACPO *

135

Denition 5.3.1 (bicomplete) A partial order (D ) is called bicomplete if both D

and Dop = (D ) are directed complete. Proposition 5.3.2 If (D ) is bicomplete, then it saties property m. Proof. By Zorn's lemma. Consider A n D and x 2 UB (A). Let B =# x \ UB (A). In B , every chain is a fortiori codirected in D, and its glb is clearly in B . Hence B has a minimal element, which is clearly a minimal upper bound of A. 2

Jung's theorem relies on three propositions: 5.3.3, 5.3.6, and 5.3.7. We shall also need a theorem due to Markowsky, whose proof is given in section 5.5: a partial order is a dcpo if and only if any non-empty well-ordered subset of D has a lub. Proposition 5.3.3 A continuous dcpo D with continuous function space D ! D is bicomplete. Proof. The proof is by contradiction. By proposition 5.5.1, we may assume that there exists a non-empty op-well-ordered subset B of D which has no glb. Let A be the (possibly empty) set of lower bounds of B . Notice that by the assumption on B we have A \ B = . We dene the following function r on D by ( r(x) = xVfb 2 B j b xg ifif xx 262 A A (where the glb is meant in B) :

r is well dened: We rst prove that the set C of lower bounds in B of fb 2 B j b xg is not empty. Since x 62 A, we have x 6 b0 for some b0 2 B . A fortiori, if b x, then b 6 b0. But B is a total order, hence b0 < b, which proves b0 2 CV. Thus, since we assumed that B is op-well-ordered, the maximum of C exists and is fb 2 B j b xg. In particular we have x 62 A ) r(x) 2 B . r r = r: r(D) 2 A B , and r is the identity on A B . W W W W r is continuous: If $ 2 A, then $ A, hence r( $) = $ = r($). If W $ 62 A, then 6 b0 for some b0 2 B , 2 $ (i.e., 62 A). Hence $0 \ A = , where W W W W $0 = $\ " , andW r($0) B .WClearly $0 = $ and r($0) = r($). Hence it is W 0 0 0 0 enough to prove r($ ) r( $ ). We proceed by contradiction. Let b = r( $ ). If W r($0) 6 b0, then a fortiori r() 6 b0 for any 2 $0. But we have r() 6 b0 , b0 6 fb 2 B j b g , 9 b 2 B b0 > b : W (For the last equivalence, notice that $ 62 A implies b0 2 B , and recall that B is a chain.) Since B is op-well-ordered, the non-empty set fb j 2 $g has a maximum b for some 00 2 $. But then we have: b0 > b W W $ by construction b0 = r( $0) fb 2 B j b W $0 g implies b0 b : Contradiction. Hence r is continuous. We know from exercise 4.6.9 that D0 ! D0 is a retract of D ! D, where D0 = r(D) = A B . It is continuous, by proposition 5.1.10. The rest of the proof consists in obtaining a contradiction to the continuity of D0 ! D0. It goes via successive claims:

00

00

00


136

If A 6= , then there exist x0 " x 2 A and y 0 " y 2 A such that x0 and y 0 have no upper bound in A. We rst show that A0 =+ A is not directed. By continuity of D, the lub of A0 would be larger than any element of A, and still belong to A but since A is not empty, we know that it has no maximum by the assumption on B : contradiction. Hence there exists x00 " x 2 A and y 00 " y 2 A such that x00 and y 00 have no upper bound in A0. Let x0 and y 0 be obtained by interpolation: x00 " x0 " x and y 00 " y 0 " y . Suppose that x0 and y 0 have an upper bound z in A: then, by directedness of + z , x00 and y 00 would have an upper bound in A0 . This completes the proof of claim 1.

Claim 1.

Claim 2. 9 f 2 D0 ! D0 f " id and f (B) B.

Claim 2 is obvious if A is empty, since then B = D0 . If A 6= , let x0 y 0 be as in claim W 0 1. Since x " x = ff (x) j f " id g, we have x0 g (x) for some g " id . Similarly y 0 h(y). Let f be an upper bound of g h in + id . Then x0 f (x) and y 0 f (y ). Let b be an element of B . Then b is an upper bound of x and y , since x y 2 A. Hence f (b) f (x) x0. Similarly f (b) y 0. Thus, by claim 1, f (b) 2 D0 n A = B. This completes the proof of claim 2. Since B is op-well-ordered, we can dene a predecessor function: pred (b) is the maximum b0 such that b0 < b (there is at least one such b0 , otherwise b would be a minimum of B , contradicting our assumption on B ). Dene, for each b 2 B , a function gb : D0 ! D0 by ( (f (x)) if x 2 B and x b gb(x) = pred x otherwise :

where f is given by claim 2.

Claim 3.

1. gb is continuous, for all b 2 B . 2. fgb j b 2 B g is directed and has id as lub. 3. There is no gb such that f gb. Claim 3 contradicts f " id . Thus we are left with the proof of claim 3. (3) If f gb , then f (b) gb(b) = pred (f (b)), a contradiction to the denition of pred . (2) We prove that fgb j b 2 B g is actually a chain by proving b0 b ) gb gb . The only interesting case is when x 2 BWand b0 < x b. Then gb (x) = pred (f (x)) f (x) x = gb (x). The equality id = fgb j b 2 Bg follows from the remark that gpred (b)(b) = b for all b 2 B. (1) It isW easily checked that gb is monotonic. Let $ be directed in D0 . The interesting case isW $ 2 B . Then 2 B for some 2 $, as otherwise we would have $ A (and hence W $ 2 A). We can choose to be the maximum of B \ $, since B is well-ordered. Then $ = 2 $, and the continuity of gb follows by monotonicity. 2 0

0

Remark 5.3.4 This proof generalises the situation presented in exercise 1.4.15. The hypotheses of the previous proposition are actually redundant.

5.3. FULL SUB-CCC'S OF ACPO *

137

Exercise 5.3.5 (!-cont ) cont) Show that a dcpo with continuous function space is continuous. Hint: use the claim proved in proposition 5.3.7.

Proposition 5.3.6 (L/M) Let D and E be algebraic cpo's satisfying property m. If D ! E is continuous, then E is an L-domain or K(D) j= M .

Proof. By contradiction. Suppose that E is not an L-domain and that K(D) 6j= M .

Then (cf. exercise 5.2.14) there exists c in E , two compacts a1 a2 c, and two distinct mub's b1 b2 of fa1 a2g below c. Since D j= m, also K(D) j= m by lemma 5.1.6. Since K(D) 6j= M , by lemma 5.2.8 there exist x1 and x2 in K(D) such that MUB (x1 x2) is innite. Assume moreover that D ! E is continuous. Then we dene g : D ! E by 8 > ? if d 6 x and d 6 x > < a1 if d x11 and d 6 x22 g(d) = > a if d 6 x and d x > : b12 if d x11 and d x22 :

We leave the reader check that g is continuous and is a mub of the step functions x1 ! a1 and x2 ! a2. In particular g is compact. We shall contradict the compactness of g . We dene f by replacing b1 by c in the last line of the denition of g . Clearly g f . We shall exhibit a directed set of functions which has f as lub, but none of which dominates g . For each nite subset A of MUB (x1 x2), dene a function fA : D ! E by 8 ? if d 6 x1 and d 6 x2 > > > a1 if d x1 and d 6 x2 < fA (d) = > a2 if d 6 x1 and d x2 > d 2 MUB (x1 x2)nA > : bc2 ifotherwise : We have to check that the fA 's are continuous, and form a directed set with lub f . We leave this to the reader, with the following hint: to prove the continuity, observe that _ x1 x2 compact $ 2 MUB (x1 x2) ) $ has a maximum: Suppose g fA for some A, and pick d 2 MUB (x1 x2)nA. We should have b1 = g (d) fA (d) = b2. Since we assumed b1 6= b2, this contradicts the minimality of b2. 2

Proposition 5.3.7 Let D be a dcpo with algebraic function space and such that K(D) j= M . Then D is binite.

Proof. Suppose that U 1 is innite, for some nite A K(D). We set B 0 =

A B n+1 = U n+1 (A)nU n(A). By our assumption, for each n, Bn+1 6= . We construct a tree in the following way. The nodes are nites sequences bn : : :b0 where bi 2 B i for all i, and where, for each i < n, bi belongs to a subset of U i (A) of which bi+1 is a mub. The root is the empty sequence, the predecessor of bn : : :b0 is bn;1 : : :b0. By construction, and by property M , this is a nitely branching tree. We show that for any b 2 U 1 (A) there exists a node bn : : :b0 such that b = bn , which entails that the tree is innite. Let n be minimum such that b 2 U n (A) we have a fortiori b 2 Bn . By denition of U n (A)

138


we can nd a subset B of U n;1 (A) of which b is a mub. If B were also a subset of U n;2 (A), then we would not have b 2 Bn . Hence we can build bn;1 : : :b0 as desired. Since the tree is innite and nitely branching, by Konig's lemma it has an innite branch : : :bn : : :b0 , which in particular forms an innite strictly increasing sequence in U 1(A). Now we use the algebraicity of D ! D. We have _ id = ff j f is compact and f id g: W In particular a = ff (a) j f is compact and f id g, for a compact, implies a = f (a) for some f . By directedness we can nd a compact f id for which 8 a 2 A (a = f (a)). We claim: 8 a 2 U 1 (A) (a = f (a)): Suppose that we know 8 a 2 U n (A) (a = f (a)). Let a be a mub of A0 U n (A). Then a f (a) f (A0) = A0 implies f (a) = a. By the claim we have f (bn ) = bn for all n, and f (c) = c follows by continuity for c = W bn . We shall get a contradiction by proving the following claim:

Claim.

If D is a dcpo which has a continuous function space, and if f " id , then f (d) " d for all d. If the claim is true, then c = f (c) " c, hence c is compact. But a lub of a strictly increasing sequence is not compact: contradiction. We prove the claim by appealing again to a \retract" trick. Let $ be such that d W $. Set z = W $. Since # z = D0 is a retract of D (cf. lemma 5.1.9), D0 ! D0 is continuous, as a retract of D ! D. We show that f " id also holds in D0 ! D0 (notice that since f id , f maps D0 into D0 ). For Wthis, it is enough by lemma 5.1.3 to consider a directed $0 D0 ! D0 such that id = $0 in D0 ! D0. Each g in $0 can be extended to D by setting g(x) = x whenever x 6 z: Hence $0 can be viewed as a directed subset in D ! D, and has clearly id as lub there too. It follows that f g for some g 2 $0, and the inequality holds a fortiori in D0 ! D0. We have proved f " id in D0 ! D0. Consider the family of constant functions x 7! for each 2 $. It forms a directed set with lub the constant x 7! z . We have (x 7! z ) id (in D0 ! D0 ). Hence f (x 7! ) for some 2 $. In particular f (d) . This ends the proof of the claim and of the proposition. 2 Theorem 5.3.8 The categories Bif and L are the two maximal cartesian closed full subcategories of Acpo. Proof. We have already proved that Bif and L are cartesian closed. By proposition 5.2.17, if C is a cartesian closed full subcategory of Acpo, we know that the exponents of C are the exponents of Cpo. Let D 2 C. Since both D and D ! D are algebraic, D is bicomplete by proposition 5.3.3, hence, by proposition 5.3.2, D j= m. Thus we can apply proposition 5.3.6 to any D E 2 C. Combining with proposition 5.3.7 applied to D, we get, for any D E 2 C: K(D) is binite or E is an algebraic L-domain:

5.4. FULL SUB-CCC'S OF ADCPO *

139

Suppose now that C is neither a subcategory of L nor a subcategory of Bif. Then there is an object D of C which is not binite and an object E of C which is not an L-domain: contradiction. 2 The analysis is simplied in the case of ! -algebraic cpo's, thanks to the following proposition.

Proposition 5.3.9 If D is an (algebraic) cpo and D ! D is !-algebraic, then K(D) j= M.

Proof. We already know from proposition 5.3.3 that D is bicomplete, hence that

K(D) j=

m. Assume that MUB (a1 a2) is innite for some compacts a1 a2. We build uncountably many mub's of a1 ! a1 and a2 ! a2 . Since they are all compact, this contradicts the ! -algebraicity of D. We pick two distinct mub's b1 b2 of a1 a2. For any S MUB (a1 a2), we dene fS : D ! D by 8 ? if d 6 a1 and d 6 a2 > > > < a1 if d a1 and d 6 a2 fS (d) = > a2 if d 6 a1 and d a2 > ds > : bb12 ifif 99 ss 22 SMUB (a1 a2)nS d s : To see that fS is well-dened, we use the fact that D is an L-domain by proposition 5.3.6: if d 2 MUB (a1 a2), there is exactly one mub of a1 a2 below d. We omit the rest of the proof. 2

Exercise 5.3.10 (Smyth) Show that the category !Bif of !-binite cpo's and continuous functions is the largest cartesian closed full subcategory of ! Acpo.

5.4 Full Sub-CCC's of Adcpo * In this section, we present a brief account of Jung's results in the case of algebraic dcpo's, that is, we relax the assumption that the domains have a ?. There are four maximal cartesian closed full subcategories of Adcpo. The duplication with respect to to the previous section comes from the following discriminating proposition, which is "orthogonal" to the discriminating proposition 5.3.6.

Proposition 5.4.1 (F/U) Let D and E be continuous dcpo's satisfying property m. If D ! E is continuous, then D has nitely many minimal elements or E is a disjoint union of cpo's. Proof. By contradiction. We thus assume that D has innitely many minimal ele-

ments and that E is not a disjoint union of cpo's. First notice that the collection of minimal elements of E can be alternatively described as MUB (). Hence by property m, E can be described as E = Sf" e j e is a minimal element of E g. Our assumption implies that there exists an upper bounded pair fe1 e2g of distinct minimal elements


140

of E . By property m one can nd a mub e of e1 e2. The constant function x 7! e1 is minimal, hence compact in D ! E (minimal implies compact in a continuous dcpo). For any nite set A of minimal elements of D, we dene a function fA by ( x 2" A fA(x) = ee ifotherwise : 2

This denes a directed family of continuous functions which has x 7! e as lub (the monotonicity of fA follows from e2 e). Hence one must have (x 7! e1) fA for some A, which entails e1 e2 . But e2 is minimal and e1 6= e2 : contradiction. 2 The property of niteness of the set of minimal elements is not strong enough to be closed under function spaces. But a strengthening will do.

Denition 5.4.2 (root) Given a dcpo D , the set U 1() is called the root of D. Proposition 5.4.3 Let D be a (continuous) dcpo such that D ! D satises property

m and has nitely many minimal elements. Then D has a nite root. Proof. With each element d of the root we associate the canonical retraction rd onto # d dened in lemma 5.1.9. We show that if d 6= d0 , then rd and rd have no common lower bound. We can assume say d 6 d0. Then if f rd rd , we have: 0

0

f rd f rd

f (d) d f (d) rd (d) = d0 : In fact, because d is in the root of D, f (d) d implies f (d) = d. This is obvious if d is a minimal element of D, and the property propagates to all elements of the root (cf. the proof of proposition 5.3.7). Hence d = f (d) d0, contradicting the assumption. Since D ! D j= m, there exists a minimal function md below each rd . The md 's are all distinct, since md = md would entail that frd rd g has a lower bound. Hence if the root of D is innite, then D ! D has innitely many minimal elements: contradiction. 2 0

0

) )

0

0

Quite orthogonally, the results of the previous section can be exploited.

Lemma 5.4.4 (8L/8M) Let D and E be algebraic dcpo's satisfying property m. If " e

is not an L-domain and if K(" d) 6j= M , for some compacts e d of E D, respectively, then D ! E is not continuous. Proof. Obvious consequence of proposition 5.3.6 and exercise 4.6.9.

2

Corollary 5.4.5 (8L/8B) If D and E are algebraic dcpo's satisfying property m and

if D ! E is an algebraic dcpo, then either all basic Scott opens " d (d 2 K(D)) are binite or all " e's (e 2 K(E )) are L-domains. Proof. Lemma 5.4.4 is applicable by proposition 5.3.3. Suppose that a Scott-open " e is not an L-domain: then, by the lemma, 8 d K(D) j= M . We conclude by noticing that proposition 5.3.7 is applicable to " d thanks to the following claim.

5.5. COMPLETENESS OF WELL-ORDERED LUB'S *

141

If D ! D0 is algebraic and d d0 are compact, then " d !" d0 is algebraic. The claim follows from the observation that " d !" d0 is order-isomorphic to " (d ! d0 ). 2 Theorem 5.4.6 There are exactly four maximal cartesian closed full subcategories of Adcpo, with the following respective classes of objects: (UL) the disjoint unions of algebraic L-domains (UB) the disjoint unions of binite cpo's (FL) the dcpo's with a nite root whose basic Scott opens " d are algebraic L-domains (FB) the pronite dcpo's: Proof. We omit the verications that these four categories are cartesian closed. We also leave it to the reader to verify that the pronite dcpo's are the dcpo's with a nite root such that all " d's are binite. The proof proceeds like the proof of theorem 5.3.8, exploiting not only the discrimination L/M (in its variant 8L/8B), but also the discrimination F/U. We use B, L, F, U as abbreviations for binite, L-domain, nite root, disjoint union of cpo's, respectively. Let C be a cartesian closed full subcategory of Adcpo. By corollary 5.4.5 on one hand, and by combining proposition 5.4.1 (applied to D ! D and E ) and 5.4.3 on the other hand, we get, as in the proof of theorem 5.3.8: (C B or C L) and (C F or C U): Assume now that C is not included in any of UL, UB and FL. Let D1 D2 D3 2 C witness these non-inclusions, and let D be an arbitrary object of C. Then we proceed by cases: D1 62 U: Then D D3 2 F since C F or C U. By non-inclusion, we have D3 62 L, which implies D 2 B since C B or C L. D1 62 L: Similarly we deduce that D 2 B and D 2 F, using witness D2 . 2

Claim.

Exercise 5.4.7 Show that the category !Prof of !-pronite dcpo's and continuous functions is the largest cartesian closed full subcategory of ! Adcpo.

5.5 Completeness of Well-Ordered Lub's * We prove the theorem of Mar76] which we used in the proof of proposition 5.3.3. The proof assumes some familiarity with ordinals and cardinals. We simply recall that every set can be well-ordered, that ordinals are canonical representatives of isomorphisms classes of well-orderings, and that cardinals are the least ordinals of a given cardinality. We write ]$ for the cardinal of $ Proposition 5.5.1 (Markowsky) 1. A partial order D is a dcpo i any non-empty chain of D has a lub. 2. Let D be a partial order. D is a dcpo i any non-empty well-ordered subset of D has a lub.


142

Proof. (2) clearly implies (1), but (1) serves as a stepping stone to (2).

(1) We rst prove the following claim.

Claim 1.

Let $ be an innite directed set. There is an ordinal and a family f$ g , then x 62 X by minimality of 0 , and

x y for some , by (D) y y by (E) : We use a similar reasoning if is a limit ordinal. This completes the proof of claim 2. The set Y W= fy j y is denedg is well-ordered by (E). Since Y X , we are left to show X Y . This follows from (F) if y is dened for any index. Otherwise, the construction of the y 's has reached a \stop" at some . There are two cases: W = + 1 and X = : Then X Y follows from (D). T is a limit ordinal and < X = . Let x 2 X , then x 62 X for some < , and the conclusion again follows from (D). 2

144


Chapter 6 The Language PCF We have provided semantics for both typed and untyped -calculus. In this chapter we extend the approach to typed -calculus with xpoints (Y -calculus), we suggest formal ways of reasoning with xpoints, and we introduce a core functional language called Pcf, originally due to Scott Sco93], and thoroughly studied by Plotkin Plo77]. Pcf has served as a basis for much of the theoretical work in semantics. We prove the adequacy of the interpretation with respect to the operational semantics and we discuss the full-abstraction problem, which has triggered a lot of research, both in syntax and semantics. In section 6.1 we introduce the notion of cpo-enriched CCC, which serves to interpret the Y -calculus. In section 6.2, we introduce xpoint induction and show an application of this reasoning principle. In section 6.3, we introduce the language Pcf, we dene its standard denotational semantics and its operational semantics, and we show a computational adequacy property: the meaning of a closed term of base type is dened if and only if its evaluation terminates. In section 6.4 we address a tighter correspondence between denotational and operational semantics, known as full abstraction property. We show how a fully abstract model of Pcf can be obtained, by means of a suitable quotient of an (innite) term model of Pcf. In section 6.5, we introduce Vuillemin's sequential functions, which capture rst-order Pcf denability.

6.1 The Y -Calculus The Y -calculus is the typed -calculus extended with a family of constants Y

of type ( ! ) ! for each type (Y for short), with the following reduction rule: (Y ) Y M ! M (Y M ): It is also convenient to consider a special constant # at each type (to be interpreted by ?). 145

CHAPTER 6. THE LANGUAGE PCF

146

Denition 6.1.1 (cpo-enriched-CCC) A cartesian closed category C is called a cpo-enriched cartesian closed category if all homsets Ca b] are cpo's, if composition is continuous, if pairing and currying are monotonic, and if the following strictness conditions hold (for all f of the appropriate type): ?f

= ? ev h? f i = ?:

Remark 6.1.2 Notice that our denition of a cpo-enriched CCC involves the

cartesian closed structure of the category: thus in our terminology a cpo-enriched CCC is not just a cpo-enriched category which happens to be cartesian closed.

Lemma 6.1.3 In a cpo-enriched CCC pairing and currying are continuous. Proof. We consider the caseWof currying W only (the argument is the same for

pairing). W In order to prove &( ) = f&(f ) j f 2 g, it is enough to check that f&(f ) j f 2 g satises the characterizing equation: _ _ ev ( f&(f ) j f 2 g id) = : The monotonicity of & guarantees that f&(f ) j f 2 g is directed. Hence by continuity of composition (and pairing) we have _ _ _ ev ( f&(f ) j f 2 g id) = fev (&(f ) id) j f 2 g = :

2 The following denition was rst given by Berry Ber79]. Denition 6.1.4 (least xpoint model) A least xpoint model is a cpo-enriched cartesian closed category where # and Y are interpreted as follows: #]] = ?_ Y ] = f:f n#]] n
where M n # = M ( (M #) ), n times. The fact that the sequence of the f:f n#]]'s is increasing follows from the assumptions of monotonicity in the denition of cpo-enriched CCC.

Proposition 6.1.5 In a least xpoint model, the (Y ) rule is valid. Proof. Exploiting the continuity of the composition and pairing, we have

Y M] = ev hWn
2

6.2. FIXPOINT INDUCTION

147

Proposition 6.1.6 Cpo is a cpo-enrichedWCCC. In particular, for any cpo D,

Fix : (D ! D) ! D, dened by Fix(f ) = n2! f n (?) is continuous. Exercise 6.1.7 Consider the extension of the simply typed -calculus with a collection of constants Yn (n 0) and rules: (Yn ) Yn+1 M ! M (Yn M ): Prove that the system obtained by adding these rules to the -rule is strongly normalizing. Hint: adapt the proof of theorem 2.2.9. Exercise 6.1.8 Let C be a cpo-enriched cartesian-closed category such that currying is strict, i.e. (?) = ?. Adapt the denition of Bohm tree given in chapter 2 to the Y -calculus by setting ! (~x:Y M1 : : :Mp) = (p 1). Show that the following holds:

_ M ] = f ! (N )]] j M !? N g: Hints: W (1) Extend the meaning function by setting: Yn ] = f:f n ]]. (2) Show that M ] = n
As an illustration, we carry in some detail the proof of the following proposition, due to Beki*c, which shows that n-ary xpoints can be computed using unary xpoints.

Proposition 6.2.3 Let D E be cpo's and f : D E

! D, g : D E ! E be continuous. Let (x0 y0 ) be the least xpoint of hf g i. Let x1 be the least xpoint of f hid hi, where h = Fix &(g ) : D ! E (hence h(x1 ) is such that g(x1 h(x1)) = h(x1)). Then x0 = x1 and y0 = h(x1).

Proof. (x0 y0) (x1 h(x1)) : Dene the predicate Q(u v ) as (u v ) (x1 h(x1 )).

This is an inclusive predicate (see exercise 6.2.2). Thus we may start the xpoint induction engine. The base case is obvious. Suppose that (u v) (x1 h(x1)). We want to show that f (u v) x1 and g(u v) h(x1). By monotonicity we have f (u v) f (x1 h(x1)) and g(u v) g(x1 h(x1)). But f (x1 h(x1)) = x1 since x1 is a xpoint of f hid hi. This settles the inequality f (u v) x1. By denition of h, we have h(x1) = g(x1 h(x1)), which settles the other inequality. (x1 h(x1)) (x0 y0) : We dene a second predicate R(u) as (u h(u)) (x0 y0). We leave the base case aside for the moment, and suppose that R(u) holds. We have to prove R(f (u h(u))). We have f (u h(u))) f (x0 y0) = x0 by monotonicity, and by denition of (x0 y0). We need a little more work to obtain h(f (u h(u))) y0. It is enough to check h(x0) y0. By denition of h y0 we

6.3. THE PROGRAMMING LANGUAGE PCF

149

n

: (n 2 !) tt :o succ pred :! zero ? :!o if then else : o ! ! ! if then else : o ! o ! o ! o # Y

: : ( ! ) !

for all for all

Figure 6.1: The constants of Pcf have h(x0) = g(x0 h(x0)), and y0 = g(x0 y0). We dene a third inclusive predicate S (u) as u y0, remembering that h(x0) is the least xpoint of &(g)(x0). The base case is obvious. Suppose that u y0. Then g(x0 u) g(x0 y0) = y0. Hence xpoint induction with respect to S allows us to conclude h(x0) y0. We are left with the base case with respect to R: (? h(?)) (x0 y0) follows a fortiori from h(x0) y0. 2 Let us shortly analyse this proof: we have focused in turn on each of the least xpoint operators involved in the statement, exploiting just the fact that the other least xpoints are xpoints.

6.3 The Programming Language Pcf Scott Sco93], and then Plotkin Plo77], introduced a particular simply typed Y calculus, Pcf, which has become a quite popular language in studies of semantics. It has two basic types: the type of natural numbers, and the type o of booleans. Its set of constants is given in gure 6.1.The language Pcf is interpreted in Cpo as specied in gure 6.2 (for the interpretation of # and Y , cf. denition 6.1.4). We use the same notation for the constants and for their interpretation, to simplify notation. This interpretation is called the continuous model of Pcf. More generally, we dene the following notion of standard model.

Denition 6.3.1 (standard) Let C be a least xpoint model. If we interpret and o by objects D and Do such that C1 D ] and C1 Do ] are (order-isomorphic) to !? and B?, if the basic constants are interpreted as in gure 6.2, and if the


150

D o = B? where B? = f? tt g D = !? at domain on natural numbers

!

D = D !cont D exponent in Cpo (

x=? succ (x) = x + 1 if if x 6= ? 8 > < ? if x = ? zero ?(x) = > tt if x = 0 : otherwise ?

(

if x = ? or x = 0 x ; 1 otherwise 8 > < ? if x = ? if x then y else z = > y if x = tt : z if x = pred (x) =

?

Figure 6.2: Interpretation of Pcf in Cpo rst-order constants behave functionally as specied in gure 6.2 (replacing, say, succ (x) by ev hsucc xi), then we say that we have a standard model of Pcf.

Recall that if C has enough points, then the model is called extensional (cf. denition 4.5.4).

Denition 6.3.2 (order-extensional) Let C, D , and Do be as in denition 6.3.1. Suppose moreover that C has enough points and that the order between the morphisms is the pointwise ordering, like in Cpo. Then the model is called order-extensional.

Operational semantics of Pcf. We equip Pcf with an operational semantics which is adequately modelled by any standard model. It is described in gure 6.3 by means of a deterministic evaluation relation !op .

Exercise 6.3.3 Let add l = Y (fxy:if zero ?(x) then y else succ(f (pred (x))y)). Compute add l 4 3 using the rules in gure 6.2.

Exercise 6.3.4 Imitate the techniques of chapter 2 to establish that the rewriting sys-

tem ! specied by the eight axioms of gure 6.2 (applied in any context) is conuent, and that if M !? N and N is a normal form, then M !?op N . Hint: prove suitable versions of the standardisation and Church-Rosser theorems presented in chapter 2.

Next we investigate the relationships between the denotational and the operational semantics of Pcf.

6.3. THE PROGRAMMING LANGUAGE PCF

(x:M )N YM succ (n) pred (n + 1) zero ?(0) zero ?(n + 1) if tt then N else P if then N else P M !op M MN !op M N 0

0

M !op M succ (M ) !op succ (M ) 0

0

151

!op M N=x] !op M (Y M ) !op n + 1 !op n !op tt !op !op N !op P

M !op M if M then N else P !op if M then N else P 0

0

M !op M pred (M ) !op pred (M ) 0

0

M !op M zero ?(M ) !op zero ?(M )

Figure 6.3: Operational semantics for Pcf

0

0


152

Denition 6.3.5 (Pcf program) We call programs the terms of Pcf which are closed and of basic type.

For example, (x:x)3 and add l 4 3 (cf. exercise 6.3.3) are programs.

Theorem 6.3.6 (adequacy) Any standard model C of Pcf is adequate, i.e., for all programs of type (and similarly for type o):

(9 n P !?op n) , P ] = n:

Proof. ()) Follows by soundness of the continuous model. (() The key idea is to decompose the problem into two subproblems, one which

will be proved by induction on types, the other by induction on terms. We use the notation of section 4.5, and write D = C1 D ]. The induction on types comes into play by a denition of a family of relations R D PCFo, for each type , where PCFo is the set of closed terms of type . Here is the denition of these (logical-like) relations ( Ro is analogous to R ):

R R

!

= f(x M ) j x = ? or (x = n and M !?op n)g = f(f M ) j 8 e N (e R N ) ev hf ei R MN )g :

The statement is a part of the following claim. For each provable judgement x1 : 1 : : : xn : n ` M : , for each n-tuple (d1 N1) : : : (dn Nn) such that di Ri Ni for i = 1 : : : n, we have ~x : ~ ` M ] hd1 : : : dn i R M N1=x1 : : : Nn=xn ]: We set M = M N1=x1 : : : Nn =xn], etc: : : We proceed with the simplest cases rst. M = xi: Then M ] hd1 : : : dn i = di , and M N1=x1 : : : Nn=xn ] = Ni, hence the sought result is di Ri Ni, which is among the assumptions. M = NQ: By induction N ] hd1 : : : dn i R N and Q] hd1 : : : dni R Q . By denition of R , ev h N ] hd1 : : : dn i Q] hd1 : : : dn ii R N Q , i.e. M ] hd1 : : : dn i R M . M = x:Q: We have to show, for each d R N : 0

!

0

!

0

0

0

0

ev h M ] hd1 : : : dn i di R M N i:e: Q] hd1 : : : dn di R (x:Q )N: 0

By induction we have Q] hd1 : : : dn di R QN1=x1 : : : Nn=xn N=x]:

0

6.4. THE FULL ABSTRACTION PROBLEM FOR PCF

153

Since (x:Q )N !op QN1=x1 : : : Nn =xn N=x], we can conclude provided the following property holds, for all : 0

(Q1) f R M and M !op M ) f R M : 0

0

M = n: In this case, n R M holds trivially. Similarly for tt and . M = succ : Let d R P . We have to show ev hsucc di R succ (P ). There are two cases: d = ? : Then ev hsucc di = ev hsucc ?i = ? d = n : Then ev hsucc di = n + 1 : In both cases ev hsucc di R succ (P ). The reasoning is similar for pred , zero ?, and if then else . M = Y : We have to show Y ] R( ) Y , that is, ev h Y ] gi R Y M , for all g R M . We assume the following properties (cf. inclusive predicates), for all : (Q2) ? R M (Q3) ffngn
!

!

By (Q3), the conclusion follows if we show: ev h f:f n]] g i R Y M (for all n):

We set dn = ev h f:f n]] gi. Since dn = f n]] g, we have dn+1 = ev hg dn i for all n. Therefore, we only have to show: 1. d0 R Y M : Since d0 = ]] g, this follows from (Q2) and from the left strictness of composition. 2. (d R Y M ) ) (ev hg di R Y M ): Since g R M by assumption, we have ev hg di R M (Y M ), and the conclusion then follows by (Q1). Properties (Q1) and (Q2) are obvious at basic types. For a type ! , (Q1) follows by induction from the inference: (M !op M ) ) (M N !op MN ) and (Q2) follows from the strictness equation ev h? di = ?. (Q3) follows at basic types from the fact that non-increasing sequences are stationary in a at domain, and at functional types from the preservation of limits by continuity. This completes the proof of the claim. 2 !

0

0

6.4 The Full Abstraction Problem for Pcf In general, given a programming language, the specication of the operational semantics is given in two steps:

154


1. Evaluation: a collection of programs is dened, usually a collection of closed terms, on which a partial relation of evaluation is dened. The evaluation is intended to describe the dynamic evolution of a program while running on an abstract machine. 2. Observation: a collection of admissible observations is given. These observations represent the only mean to record the behavior of the evaluation of a program. In this fashion, an observational equivalence can be dened on arbitrary terms M and N as follows: M is observationally equivalent to N if and only if whenever M and N can be plugged into a piece of code P , so to form correct programs P M ] and P N ], then M and N are not separable (or distinguishable) by any legal observation. On the other hand any interpretation of a programming language provides a theory of program equivalence. How does this theory compare to observational equivalence? We will say that an interpretation (or a model) is adequate whenever it provides us with a theory of equivalence which is contained in the observational equivalence. Moreover we call an adequate model (equationally) fully abstract if the equivalence induced by the model coincides with the observational equivalence. In this section we discuss the situation for Pcf. We have dened the programs as the closed terms of base type. We have dened an evaluation relation !op . What can be observed of a program is its convergence to a natural number or to a boolean value. The principal reason for focusing on programs is that they lead to observable results. This stands in contrast with expressions like x:x, which are just code, and are not evaluated by !op unless they are applied to an argument, or more generally unless they are plugged into a program context. A program context for a Pcf term is a context C (cf. denition 2.1.6) such that C M ] is a program.

Denition 6.4.1 (observational preorder) We dene a preorder obs , called observational preorder, between Pcf terms M N of the same type, as follows: M obs N , 8C (C M ] !?op c ) C N ] !?op c) where C ranges over all the contexts which are program contexts for both M and N , and where c ::= n j tt j .

Remark 6.4.2 By exercise 6.3.4 and by theorem 6.3.6, equivalent denitions for obs are: M obs N , 8C program context (C M ] !? c ) C N ] !? c) M obs N , 8C program context (C M ]]] C N ]]]) :


155

Denition 6.4.3 (fully abstract) A cpo-enriched CCC is said to yield an inequationally fully abstract (fully abstract for short) model of Pcf if the following equivalence holds for any Pcf terms of the same type: M obs N , M ] N ] : It is a consequence of the adequacy theorem that the direction (() holds for

the continuous model (and in fact for any standard model). But the converse direction does not hold for the continuous model. There are several proofs of this negative result, all based on a particular continuous function por : B B ! B dened by: 8 > < tt if x = tt or y = tt por (x y) = > if x = and y = : ? otherwise : 1: Plotkin rst proved that the continuous model is not fully abstract. He gave the following terms: M1 = g:if P1 then if P2 then if P3 then else tt else else M2 = g:if P1 then if P2 then if P3 then else else else where P1 = g tt , P2 = g tt , and P3 = g . These terms are designed in such a way that tt = M1] (por ) 6= M2] (por ) = : On the other hand M1 =obs M2. This is proved thanks to two key syntactic results: (a) Milner's context lemma Mil77]. This lemma, proposed as exercise 6.4.4, states that in the denition of obs it is enough to let C range over socalled applicative contexts, of the form ]N1 : : :Np. Applying this lemma to M1 M2, we only have to consider contexts ]N . By the denition of !op , we have for i = 1 2: 8> < N tt !?op? tt ? Mi]N !op c ) > N tt !op tt : N !?op : ?

?

?

(b) The second syntactic result that we use is that there is no N such that N tt !?op tt N tt !?op tt N !?op : This result is a consequence of the following more general result. Pcf is a sequential language, in the following sense: If C is a closed program context with several holes, if ` C : : : ]]] = ? and 9 M1 : : : Mn ` C M1 : : : Mn]]] 6= ?


156

then there exists an i called sequentiality index, such that

8 N1 : : : Ni 1 Ni+1 : : : Nn ` C N1 : : : Ni 1 Ni+1 : : : Nn]]] = ? : This result is an easy consequence of (the Pcf version of) Berry's syntactic ;

;

sequentiality theorem 2.4.3 (see exercise 6.4.5) and of the adequacy theorem 6.3.6. Here, it is applied to C = N ] ], observing that we can use N !?op to deduce that there is no c such that M !?op c. Another way to prove the non-existence of N is by means of logical relations. We have treated essentially the same example in section 4.5.

2: Milner has shown that in an extensional standard fully abstract model of Pcf, the interpretations of all types are algebraic, and their compact elements must be denable, i.e. the meaning of some closed term. This is called the denability theorem (for a proof, we refer to Cur86]). One can use this result to cut down the path followed in (1) and go directly to step (b). In reality, there is no cut down at all, since the proof of the denability theorem uses the context lemma, and exploits terms in the style of M1 M2.

Exercise 6.4.4 (context lemma) * Let M and M be two closed Pcf terms of the 0

same type such that, for all closed terms N1 : : : Nn such that MN1 Nn is of basic type, the following holds:

MN1 Nn !?op c

)

M N1 Nn !?op c: 0

Show that M obs M . Hint: proceed by induction on (length of the reduction C M ] !?op c, size of C M ]). 0

Exercise 6.4.5 (syntactic sequentiality for Pcf) Prove the Pcf version of theorem 2.4.3, and show the corresponding corollary along the lines of exercise 2.4.4.

The converse of the denability theorem also holds, and is easy to prove.

Proposition 6.4.6 If C is an order-extensional standard model of Pcf in which all cpo's interpreting all types are algebraic and are such that all their compact elements are denable, then C is fully abstract. Proof. Suppose that M obs M . It is enough to check M ] (d~) M ] (d~) for all compact d~ = d1 dn . Then the conclusion follows using contexts of the form ]N1 Nn. 2 0

0

Exercise 6.4.7 (uniqueness) Show, as a consequence of proposition 6.4.6 and of the de nability theorem, that all order-extensional standard models of Pcf are isomorphic (in a suitable sense).


157

In fact, this (unique) fully abstract model exists, and was rst constructed by Milner as a quotient of the term model of Pcf. Since then, a lot of eorts have been made to provide more \semantic" constructions of this model (this is known as the full abstraction problem for Pcf). In particular, the non-denability of por prompted the study of sequentiality, which is the subject of section 6.5 and of chapter 14. A weaker notion, stability, appeared on the way, and is the subject of chapter 12. Remark 6.4.8 Gunter has proposed a simple semantic proof of M1 =obs M2. In the stable model of Pcf, to be dened in chapter 12, we have M1] = M2] . In the stable model, one retains only functions which satisfy the following property (specied here for a type like o o ! o):

8 x f (x) 6= ? ) 9 y minimum (y x and f (y) 6= ?): In particular, por is rejected (take x = (tt tt ), then (? tt ) and (tt ?) are both

minimal, but there is no minimum), and this is why we have M1] = M2] . Now, because the direction ( holds for the stable model, which is standard, we have M1 =obs M2.

Pcf B ohm trees. In the rest of this section, we sketch a construction of the fully abstract model of Pcf, based on a notion of Bohm tree for Pcf, and due

independently to Hyland and Ong, and to Abramsky, Jagadeesan and Malacaria HO94, AJM95]. Often, our denitions are given for types built over only. The extension of the constructions to the full Pcf type hierarchy is straightforward. Denition 6.4.9 (Pcf B ohm tree) We dene the set T raw of raw Pcf Bohm trees, and the auxiliary set Braw as follows (T ranges over T raw , and B ranges over B raw ): T ::= ~x : ~:B B ::= j n j case xT~ F ] (n 2 !) F : ! * Braw (dom (F ) nite) : We endow T raw with a subtree ordering, which is the least congruence satisfying: T (for any T ) F (n) # ) F (n) F F F(n) for any n 2 ! The set T raw can be viewed as a subset of the set of (raw) terms in (C ), with 0

0

C = f n case X j n 2 ! X n !g taking case dom (F ) to encode ~y :case xT1 Tn F ]. The constants are typed as follows: ` : ` n : ` case X : ]X +1:


158

There are no constants ` : at non-basic types. A correctly typed raw Pcf Bohm tree is called a nite Bohm tree. The sets of correctly typed terms of T raw and Braw are denoted T and B. We denote with T the ideal completion of (T ) (cf. proposition 1.1.21). We use P Q to range over T , while S T B always denote nite trees. The completion is done at every type, and we write ; ` P : whenever ; ` S : for any nite approximation of P . 1

1

Next we dene a category whose morphisms are trees of T . Denition 6.4.10 The category BTPcf has the following objects and morphisms: The objects of BTPcf are the sequences ~ of Pcf types. BTPcf~~ ], with ~ = 1 : : : n , consists of a vector of trees ~x : ~ ` Pi : i in T , for i = 1 : : : n. Given ~ and in the list ~ , we dene a projection morphism ~x : ~ ` ~ : by induction on = 1 ! ! p ! , as follows: 1

1

~ = ~y: case x(~ 1 ) (~ p ) id ] where id is the identity function mapping n 2 ! to ` n : . If ~ = 1 : : : n, then the identity morphism id : ~ ! ~ is dened by: id = ~ 1 : : : ~ n .

Remark 6.4.11 The projection and identity morphisms are innite trees, due

to the presence of the identity function n:n in their denition, which introduces innite horizontal branching.

In order to dene composition, we proceed in two stages. First, we dene the composition of nite morphisms, i.e. nite trees. Given T~ 2 BTPcf~ ~ ] and S 2 BTPcf~ ], we form (~x:S )T~ , and reduce it to its normal form R, applying , as well as the following rules: 0

0

00

(

F (n) # ( ) case n F ] ! F (n) ifotherwise () case F ] ! ( ) case (case M F ]) G] ! case M H ] : where H has the same domain as F and H (n) = case F (n) G]. We set S (T~ ) = R: Finally, composition is extended to innite trees by continuity: _ P (Q~ ) = fS (T~ ) j S P T~ Q~ g:


159

We now have to justify all this carefully. We have to show that: 1: R always exists, 2: R 2 T 3: The lub in the denition of P (Q~ ) exists, 4: composition satises the monoid laws. As for (1), we rely on the following theorem due to Breazu-Tannen and Gallier BTG91].

Theorem 6.4.12 Let (C ) be a simply-typed 1 -calculus with constants whose

type has rank at most 1. Let R be a set of strongly normalising rewriting rules for rst-order terms written with the (uncurried) signature C . Then the rewriting system + R (with the curried version of R) over (C ) is strongly normalizing.

We instantiate R as ( ) + () + ( ).

Proposition 6.4.13 The system ( ) + () + ( ), considered as a rst-order rewriting system, is strongly normalizing.

Proof. We use a technique inspired from exercise 2.2.23. We call the set of rst-order terms built over the uncurried signature C = f n case X j n 2 ! X n !g. We dene a subset of ! dened as the least set closed under the following rules, where F 2 ! stands for 8 n (F (n) # ) F (n) 2 !): 1: s 2 ! if s = n or x 2: case s F ] 2 ! if s = n or x and if F 2 ! 3: case (case s F ]) G] 2 ! if G 2 ! and if case s H ] 2 !

where H is as in rule ( ): We claim that for all s and F , if s 2 and G 2 !, then case s G] 2 !. We prove this by induction on the size of s only:

If s = n or x, then case s G] 2 ! by (2). If s = case t F ], then we have to prove case t H ] 2 !, which holds by induction, provided we prove rst H 2 !. But this holds by induction too, since H (n) = case F (n) G].

The claim a fortiori implies that ! is closed under case ], hence ! = . The interest of the presentation of as ! is that we can prove strong normalisation of s by induction on the proof of s 2 !, as follows: (1) Then s is in normal form. 1

This theorem is actually proved in BTG91] for the polymorphic -calculus.


160

(2) Then we know by induction that F (n) is strongly normalizing whenever F (n) is dened, and we conclude by noticing that a reduct of s is either case s F ] (where F pointwise reduces to F ), or , or t, where t is a reduct of F (n) for some n. 0

0

(3) We know by induction that G is pointwise strongly normalizing, and that case s H ] is strongly normalizing. In particular, s is strongly normalizing, and, by the denition of H , F is pointwise strongly normalizing. Therefore an innite reduction from case (case s F ]) G] can only be of the form case (case s F ]) G] ! case (case s F ]) G ] ! case s H ]

0

0

0

0

0

where H is dened from F and G as H is dened from F and G. It follows that case s H ] is a reduct of case s H ], and is therefore strongly normalizing. 2 0

0

0

0

0

Exercise 6.4.14 * Prove directly that is strongly normalizing, by adapting the

proof of theorem 3.5.20. Hint: prove by contradiction that the set of strongly normalisable terms is closed under case ], exploiting the strong normalisation of alone, and proposition 6.4.13: the two kinds of reduction \do not mix".

To establish that R 2 T , we dene a subset " of (C ) (with C as above), within which all the reductions which interest us take place. The syntax of raw terms of " is dened as follows: T ::= ~x:B j (~x:T )S~ (length (S~ ) = length (~x)) B ::= j n j case A F ] (n 2 ! ) ~ A ::= xT1 Tn j B j (~x:B )S (length (S~ ) = length (~x)) F :!*B (dom (F ) nite) : We dene the following multiple version ~ of -reduction: ( ~ ) (~x:T )S~ ! T S~ =~x]: The following properties are easily checked: The set " is stable under the reductions ~ , , and . The ~ normal form of a term of " is a -normal form, and belongs to T. Hence R 2 T . The fact that P (Q~ ) is well-dened is a consequence of the following property, which is easy to check: if S ! S and if S T , then T ! T , where ! is ~ reduction. It follows from the claim that fS (T~ ) j S P T~ Q~ g is directed. 0

0


161

We now show that the monoid laws hold. We examine associativity rst. By denition, (S (T1 Tn)) (T~ ) is the normal form of (x~ :(~x:S )T1 Tn)T~ 0

0

0

while S (T1 (T~ ) Tn (T~ )) is the normal form of (~x:S )(((x~ :T1)T~ ) ((x~ :Tn)T~ )) 0

0

0

0

0

0

and these two terms are ~ equal to (~x:S )(T1T~ =x~ ] TnT~ =x~ ]): Hence associativity holds for nite trees, which implies the associativity for innite trees by continuity. As for the identity laws, consider, say, S id . We construct by induction on S a nite subtree id S id such that S id S = S . We only examine the essential case S = case xiT~ F ]. We choose id S (least) such that id T id S for each T 2 T~ and such that the i-th component of id S has the form case G] with dom (F ) dom (G) (and of course G(n) = n whenever G(n) #). One reasons similarly for the other identity law. The product structure is trivial by construction, since the morphisms of the category are vectors: products of objects and pairing of arrows are their concatenations, while projection morphisms are dened with the help of the morphisms ~ . Finally, the exponent structure is also obvious. We set 0

0

0

0

~ ! (1 n ) = (~ ! 1 ~ ! n ) and use multiple abstraction to dene currying.

Theorem 6.4.15 The category BTPcf is a standard model of Pcf, in which

all compact elements of the interpretations of all types are denable (by terms without Y ).

Proof hint. We have already sketched the proof that BTPcf is a CCC. The homsets are obviously cpo's, and it is easy to check that BTPcf is a cpo-enriched CCC. The only closed trees of basic type are the trees n and . The Pcf constants

are given their obvious interpretation, e.g. succ] = x:case x succ ], where the second occurrence of succ is the usual successor function on !. The fact that all compact elements are denable is tedious, but easy, to verify, with arguments similar to the ones we have used to justify the identity laws. For example, the tree case x F ] where F (1) = 4 and F (3) = 1 is dened by if pred x then 4 else (if pred (pred (pred x)) then 1 else ):

2


162

We have thus obtained a standard model whose compact elements are all denable. What we lack is extensionality. By extensional collapse (cf. exercise 4.5.6), we can obtain a category BTPcf] with enough points. It remains to see whether this category is cpo-enriched. It turns out that it has enough limits to make it possible to interpret Y and the (Y )-rule, and thus to obtain a fully abstract model of Pcf because the category BTPcf] inherits from BTPcf the property that all its \compact" elements are denable (see exercises 6.4.16 and 6.4.17). However BTPcf] is (a priori) not the unique order-extensional model of Pcf (cf. exercise 6.4.7). To obtain the latter, we go through a slightly more involved construction. We build a logical-like collapse relation over compact Pcf Bohm trees, and we then perform an ideal completion of the quotient. This guarantees by construction that the resulting category BTPcf ] is cpo-enriched. However there is still a subtle point in showing that extensionality is preserved by the completion. For this, we have to resort to nite projections (cf. section 5.2). We give more details in exercises 6.4.18 and 6.4.19. Exercise 6.4.16 Let C be a cpo-enriched CCC, and let C] be its extensional collapse (cf. exercise 4.5.6), whose homsets are ordered pointwise. (1) Show that C] is rational 1

(in the terminology of AJM95]), i.e. satis es the following properties: (1) all homsets have a ? (2) for any A B and any f : A B ! A, the sequence ff n gn
The category BTPcf is a full subcategory of two categories of games, constructed recently by Hyland and Ong, and by Abramsky, Jagadeesan, and Malacaria HO94, AJM95]. The striking point about these categories of games is that their construction does not refer to the syntax. It is presently unknown whether the fully abstract model of Pcf can be eectively presented, i.e. whether its elements can be recursively enumerated. A related open problem is whether the observational equivalence is decidable for Finitary Pcf. A positive answer for this problem would follow from a positive answer to the denability problem for Finitary Pcf (cf. section 4.5).

Exercise 6.4.21 Using Statman's 1-section theorem 4.5.9, show that for any simply typed -terms M N , considered as Pcf terms, M =obs N i M = N . Hint: proceed as in the proof of Friedman's theorem via the 1-section theorem.

6.5 Towards Sequentiality We have already pointed out that -calculus is sequential (theorem 2.4.3). In section 4.5, we have exhibited an example of an inherently parallel function which is not denable in a (nitary version of) Pcf. In this section, we give further evidence of the sequential nature of Pcf. We dene sequential functions in a restricted setting, which will be later extended in chapter 14. We show that the compact denable rst-order functions of the continuous model of Pcf are exactly the (compact) rst-order sequential functions.

Denition 6.5.1 (sequential function (Vuillemin)) Let D, D1 : : : Dn be at cpo's, and let f : D1 Dn ! D be monotonic (hence continuous). Let x = (x1 : : : xn) 2 D1 Dn , and suppose that f (x) = ?. We say that f is


164

sequential at x if either f (z) = ? for all z x, or there exists i such that xi = ? and 8 y = (y1 : : : yn) (y > x and f (y) 6= ?) ) yi 6= ?: We say then that i is a sequentiality index for f at x.

The above denition goes back to Vui74]. The following easy proposition oers an alternative denition of sequential functions over at cpo's.

Proposition 6.5.2 Let D = X be a at cpo. The sets of sequential functions ?

from products of at domains to D are alternatively dened as follows, by induction on their arity n: Arity 1 : Any monotonic function f : D ! D is sequential. Arity n 2 : Given n, i n, X ! , and a set

ffx : D1 Di 1 Di+1 Dn ! D j x 2 X g ;

then the following function f is sequential:

f (x1 : : : xi 1 ? xi+1 : : : xn) = ? f (x1 : : : xi 1 x xi+1 : : : xn) = fx(x1 : : : xi 1 xi+1 : : : xn) : ;

;

;

Moreover, the compact sequential functions are exactly the functions obtained as above, with X nite at each induction step.

Proof. In both directions, the proof goes by induction on the arity. The two

parts of the statement are proved together. If f is sequential, then we pick a sequentiality index i at ?, and we dene the fx's by the second equation in the statement. They are clearly sequential, hence induction applies to them. If f is compact, X cannot be innite, as otherwise f would be the lub of an innite sequence of functions obtained by cutting down X to its nite subsets. Conversely, let f constructed as in the statement and x such that f (x) = ? and f (z) 6= ? for some z > x. There are two cases: xi = ? : Then i is a sequentiality index at x. xi = j 6= ? : Then j 2 X and by induction fj has a sequentiality index at (x1 : : : xi 1 xi+1 : : : xn), which is a sequentiality index of f at x. If the X 's are all nite, then the description of f is nite, from which compactness follows easily. 2 ;

Exercise 6.5.3 Show that the C -logical relations, where C is the set of all the constants of Pcf(including Y ), are exactly the Sieber sequential relations of de nition 4.5.16.

Hint: show that at each type , the set of invariant elements of a Sieber sequential relation forms an inclusive predicate.

6.5. TOWARDS SEQUENTIALITY

165

Hence (compact) sequential functions on at domains can be described by sequential \programs", which can actually be written as Pcf terms, as the following proposition shows. Theorem 6.5.4 For a compact rst-order function f of the continuous model of Pcf(and more generally for a function from a product of at domains to a at domain), the following properties are equivalent: 1. f is sequential. 2. f is denable in the following restriction (C ) of Pcf (with of base type): 0

C = f n tt pred zero ? if then else g: 0

3. f is denable in Pcf. 4. f is invariant under all k + 1-ary relations Sk+1 (k 1) dened at ground type by

(x1 : : : xk+1) 2 Sk+1 , (9 j k xj = ?) or (x1 = : : : = xk+1 6= ?)): These relations are special cases of Sieber sequential relations, cf. denition 4.5.16. More precisely: Sk+1 = S k1+1 ::: k 1 ::: k+1 . f

g f

g

Proof. (1) ) (2) It is easy to check by induction on terms that the functions

dened by the restricted syntax are monotonic. It is also easy to see that the restricted syntax allows to encode all compact sequential functions, as characterised in proposition 6.5.2 (cf. proof of theorem 6.4.15). Hence the interpretation function is a surjection from the restricted syntax to the set of compact rst-order sequential functions. (2) ) (3) Obvious by inclusion. (3) ) (4) This follows from lemma 4.5.3 and from exercise 6.5.3. (4) ) (1) Suppose that f is not sequential. Then there exists x = (x1 : : : xn) such that: f (x) = ? J = fj n j xj = ?g 6= 8 j 2 J 9 yj = (y1j : : : ynj ) ((8 i 62 J yij = xi) and yjj = ? and f (yj ) 6= ?) : Without loss of generality, we can assume that J = f1 : : : kg for some k 1 (and n). We claim that (yi1 : : : yik xi) 2 Sk+1 for all i n. This follows from the following easy case analysis.

i 62 J : then yi1 = : : : = yik = xi: i 2 J : then yii = ?:

166


Hence, by invariance: (f (y1) : : : f (yk ) f (x)) 2 Sk+1 , which contradicts the definition of Sk+1, since we have assumed f (yj ) 6= ? for all j k and f (x) = ?. 2 We don't know how to extend this correspondence to higher orders. Both the model of sequential algorithms and the strongly stable model, which is built in chapter 14 and section 13.3, respectively, contain non Pcf-denable functionals such as the functionals presented in exercises 4.5.18 and 4.5.19.

Exercise 6.5.5 Show that every Pcf de nable rst-order function in a standard model of Pcf is sequential. Hint: given a closed term M , call Mn the term obtained by

replacing Y by f:f n , and let Pn be the normal form of Mn . Show that the Pn 's form a directed set, and exploit this to show that they all contribute to a single sequential function de ned as in proposition 6.5.2.

Chapter 7 Domain Equations This chapter presents general techniques for the solution of domain equations and the representation of domains and functors over a universal domain. Given a category of domains C we build the related category Cip (cf. chapter 3) that has the same objects as C and injection-projection pairs as morphisms (section 7.1). It turns out that this is a suitable framework for the solution of domain equations. The technique is applied in section 7.2 in order to solve a predicate equation. The solution of the predicate equation is used in proving an adequacy theorem for a simple declarative language with dynamic binding. The category of injection-projection pairs is also a suitable framework for the construction of a universal homogeneous object (section 7.3). The latter is a domain in which every other domain (not exceeding a certain size) can be embedded. Once a universal object U is built, it is possible to represent the collection of domains as the domain FP (U ) of nitary projections over U , and functors as continuous functions over FP (U ). In this way, one obtains a poset-theoretical framework for the solution of domain equations that is more manageable than the general categorical one (section 7.4). A third approach to the solution of domain equations consists in working with concrete representations of domains like information systems, event structures, or concrete data structures (introduced in denitions 10.2.11, 12.3.3 and 14.1.1, respectively). At this level, domain approximation can be modeled by means of inclusions relating the representing structures, and domain equations can be then solved as ordinary xpoint equations. As in the nitary projections approach the solutions obtained are exact solutions (F (D) = D, and not merely F (D) = D). This was rst remarked by Berry in the framework of concrete data structures. We do not detail this approach here (a good reference is Win93]Chapter12]). See however exercises 10.2.14 and 14.1.13. 167

CHAPTER 7. DOMAIN EQUATIONS

168

7.1 Domain Equations

One of the earliest problems in denotational semantics was that of building a model of the untyped -calculus. This boils down to the problem of nding a non-trivial domain D isomorphic to its functional space D ! D (cf. chapter 3). Following work by Wand, Smyth and Plotkin Wan79, SP82], we present a generalization of the technique proposed by Scott Sco72] for the solution of domain equations. An !-chain is a sequence fBn fngn ! such that fn : Bn ! Bn+1 for all n. We write fn m = fm 1 fn for m > n. The general categorical denition of colimit (cf. section B.2) specializes to !-chains as follows. A cocone fB gngn ! of the !-chain fBn fn gn ! is given by an object B , and a sequence fgn : Bn ! B gn ! satisfying gn+1 fn = gn for all n. A cocone fB gngn ! is a colimit if it is an initial object in the category of cocones, that is if for any other cocone fC hngn ! there exists a unique morphism k : B ! C such that k gn = hn for all n. Let T : K ! K be an endo-functor. We outline some rather general results that guarantee the existence of an initial solution for the equation TX = X . It will be shown next that these results can be usefully applied to the solution of domain equations. 2

;

2

2

2

2

2

Denition 7.1.1 (T -algebra) Let T : K ! K be an endo-functor. A T -algebra is a morphism : TA ! A. T -algebras form a category. If : TA ! A and : TB ! B are T -algebras then a morphism from to is a morphism f : A ! B such that f = Tf . 1 Lemma 7.1.2 Every initial T -algebra is an isomorphism. Proof. Let : TA ! A be initial. Then T : TTA ! TA is also a T -algebra and by initiality there is i : A ! TA such that: i = T Ti = T ( i) : (7.1) We observe that is a morphism (of T -algebras) from T to . By composition and initiality we get i = id. By the equation 7.1 above we derive:

T ( i) = T (id) = id = i : So i is the inverse of .

2

The following proposition will appear natural if one thinks of categories as cpo's and of functors as continuous functions. A stronger notion of T -algebra is given in denition B.8.3 in the case T is the functor component of a monad. 1

7.1. DOMAIN EQUATIONS

169

Proposition 7.1.3 Let C be a category with initial object and !-colimits and T : C ! C be a functor that preserves !-colimits. Then there is an initial T -algebra.

Proof. Let 0 be the initial object. Consider the uniquely determined morphism z : 0 ! T 0. By iterating T on this diagram we get an !-diagram D = fT i0 T izgi
giB = T TT T i 1 T izB i < ! zB : 0 ! B : ;

It is enough to check that giB+1 T iz = giB , which follows from TzB z = zB . (2) Any morphism of T -algebras u : ! , where : TA ! A and : TB ! B , induces a morphism between the related cocones over D, as dened in (1). Suppose Tu = u . Then: 0

0

u giA0 = u T T i 1 T izA0 = Tu T T i 1 T izA0 = = T T i 1 T izB = giB : ;

;

;

Hence there is at most one T -algebra morphism u : h ! . (3) To prove existence we relate morphisms in CoconefT i0 T izgi
When solving domain equations, we may wish to start the construction of the !-diagram with some morphism z : X ! TX , where X is not necessarily an initial object (cf. denition 3.1.6). In the poset case this corresponds to looking for the least xed point of a function f : D ! D, above a given point d such that d f (d). If D is an !-dcpo, and f is !-continuous then we can compute

170


the solution as Wn
Denition 7.1.4 Given a category C and an object X 2 C, we dene the slice category C " X as follows (there is a related slice category C # X which is introduced in example B.1.5)

C " X = ff : X ! B j B 2 Cg (C " X )f g] = fh j h f = gg : Also given a functor T : C ! C, and a morphism z : X ! TX we dene a new functor Tz : C " X ! C " X as follows: Tz (f ) = Tf z Tz (h) = Th : Proposition 7.1.5 Let C be a category with initial object and !-colimits and T : C ! C be a functor that preserves !-colimits. The category C " X has initial object and ! -colimits, moreover given a morphism z : X ! TX , the functor Tz preserves !-colimits.

Proof hint. The commutation conditions displayed in equations 7.2 and 7.3

arise as a consequence of the abstract denitions. We show that there is a morphism h : TA ! A which is the initial Tz -algebra. 2 Consider the functor ): Cop C ! C, dened in every CCC, that given objects A, B returns the exponent A ) B (with the standard extension to


171

morphisms). We would like to nd solutions to equations such as X = X ) D, or X = X ) X . We recall from chapter 3 that there is no way we can look at X:X ) D, or X:X ) X as (covariant) functors. We will introduce new structures that allow us to see the problem as an instance of the one solved by proposition 7.1.3. In the rst place we present the notion of injection-projection pair in an O-category Wan79].

Denition 7.1.6 (O-category) A category C is called an O-category if (1) ev-

ery hom-set is an ! -directed complete partial order, and (2) composition of morphisms is a continuous operation with respect to the orders of the hom-sets.

Next we formulate some familiar notions (cf. chapter 3) in the framework of O-categories.

Denition 7.1.7 (retraction, injection, projection) Let C be an O-category, and let A B 2 C. (1) A retraction from A to B is a pair (i j ) such that i : A ! B , j : B ! A, j i = idA (we write then A / B ).

(2) An injection-projection from A to B is a pair (i j ) which is a retraction as above and such that i j idB (we write then A / B ). (3) A projection on A is a morphism p : A ! A such that p p = p and p idA.

Example 7.1.8 Cpo is an O-category, ordering the morphisms pointwise. We note that in an injection-projection pair, injection and projection are strict (cf. denition 1.4.17) functions.

Denition 7.1.9 Let C be an O-category. The category Cip has the same objects as C and injection-projection pairs as morphisms: CipA B ] = f(i j ) j i : A ! B j : B ! A j i = idA i j idB g : Composition is given by (i j ) (i j ) = (i i j j ), identities by (id id). Proposition 7.1.10 Let C be an O-category. Then: (1) Cip is a category in which all morphisms are monos. (2) If C has a terminal object, if each hom-set CA B ] has a least element ?A B , and if composition is left-strict (i.e. f : A ! A implies ?A0 A00 f = ?A A00 ), then Cip has an initial object. Proof. (1) Suppose: (i j ) (i j ) = (i j ) (i j ). That is (i i j j ) = (i i j j ). Since i is a mono, i i = i i implies i = i . Therefore, by proposition 3.1.3, j = j . (2) Let 1 be the terminal object in C. We show that 1 is initial in Cip. Given A 2 C, we rst show (?1 A ?A 1) 2 Cip1 A]. On one hand, ?A 1 ?1 A = id1 0

0

0

0

0

0

00

00

0

00

0

0

00

00

00

0

0

00

0


172

since 1 is terminal, on the other hand ?1 A ?A 1 = ?A A idA since composition is left strict. There are no other morphisms in Cip1 A] since ?A 1 is the unique element of CA 1]. 2 We are now in a position to suggest what the category of injection-projection pairs is good for. Given a functor F : Cop C ! C, we build a functor F ip : Cip Cip ! Cip which coincides with F on objects. In particular the exponent functor is transformed into a functor which is covariant in both arguments. We then observe that F ip(D D) = D in Cip implies F (D D) = D in C. ip In other words, we build a related structure, C , and we consider a related problem, F ip(D D) = D, whose solutions can be used for the initial problem. The advantage of the related problem is that we only have to deal with covariant functors and therefore we are in a favorable position to apply proposition 7.1.3. Towards this goal, it is natural to look for conditions on C that guarantee that Cip has !-colimits (we already know that under certain conditions it has an initial object) as well as for conditions on F that guarantee that F ip is !-cocontinuous, i.e. it preserves !-cochains (cf. section B.2).

Denition 7.1.11 (locally continuous) Let C be an O-category and F : Cop C ! C be a functor (the generalization to several arguments is immediate). We

say that F is locally monotonic (continuous) if it is monotonic (continuous) w.r.t the orders on the hom-sets.

Exercise 7.1.12 Verify that the product and exponent functors on Cpo are locally continuous.

There is a standard technique to transform a covariant-contravariant monotonic functor on C into a covariant functor on Cip .

Denition 7.1.13 Given F : Cop C ! C dene F ip : Cip Cip ! Cip as follows:

F ip(c c ) = F (c c ) F ip((i j ) (i j )) = (F (j i ) F (i j )) : 0

0

0

0

0

0

Exercise 7.1.14 Verify that F ip as de ned above is a functor. The following result points out that the !-colimit of fDn (in jn)gn ! in Cip can be derived from the !op-limit of fDn jn gn ! in C. One often refers to this situation as limit-colimit coincidence. 2

2

Theorem 7.1.15 (limit-colimit coincidence) Let C be an O-category. If C has !op-limits then Cip has !-colimits.


173

Proof. Consider an !-chain fDn fn gn ! in Cip where we denote with fn+ : Dn ! Dn+1 the injection and with fn : Dn+1 ! Dn the embedding. Let fC gn gn ! = limCfDn fn gn ! . We show that Dm can be made into a cone for fDn fn gn ! , for all m. There is a natural way to go from Dm to Dn via the morphism hm n : Dm ! Dn which is dened as follows: 2

;

;

;

2

;

2

2

8> if m = n < id hm n = > fn fm 1 if m > n : fn+ 1 fm+ if m < n : It is enough to check that fn hm n+1 = hm n. Hence a unique cone morphism gm+ : Dm ! C is determined such that gn gm+ = hm n , for all n. We note that gm gm+ = id, since hm m = id. And we observe: gm+ gm = gm++1 fm+ fm gm+1 gm++1 gm+1 : Hence fgm+ gmgm ! is a chain and we write k = Wm ! gm+ gm. We claim that (1) (2) if fC gngn ! is a cocone of fD fn gn ! in Cip such that W k g=+ idg, and = id then the cocone is a colimit. ;

;

;

;

;

;

;

;

;

;

;

;

;

2

2

2

m ! m 2

2

m ;

(1) It is enough to remark that k is a cone endomorphism over fC gmgm ! as: ;

gm k = Wgm (Wi ! gi+ gi ) = gWm (Wi m gi+ gi ) = i m gm gi+ gi = i m hi m gi = gm : ;

;

;

2

;

;

2

;

;

;

;

(2) Let fB lmgm ! be another cocone. We dene: 2

p+ =

_

m ! 2

lm+ gm : C ! B p = ;

;

_

m ! 2

gm+ lm : B ! C : ;

It is easy to check that p : C ! B in Cip . Moreover p is a morphism of cocones between fC gmgm ! and fB lmgm ! . Finally suppose q is another morphism with this property. Then: 2

2

(q+ q ) = (Wq+ (Wm ! gm+ gm )W (Wm ! gm+ gm ) q ) = (Wm ! q+ gm+ Wgm m ! gm+ gm q ) = ( m ! lm+ gm m ! gm+ lm) = (p+ p ) : ;

;

;

2

;

2

;

2

;

;

2

;

2

;

2

;

2

We can extract from the previous proof the following useful information.

Proposition 7.1.16 Let C be an O-category, and let fDn fn gn !Wbe an !-chain in Cip , with a cocone fC gn gn ! . Then fC gn gn ! is a colimit i n ! gn+ gn = 2

id.

2

2

;

2


174

We now show how to build !op -limits in the category Cpo.

Proposition 7.1.17 The category Cpo has !op-limits. Proof. Consider an !op-chain in Cpo fDn fn gn ! where fn : Dn+1 ! Dn . We 2

dene:

D = f : ! !

n ! 2

Dn j (n) 2 Dn and fn((n + 1)) = (n)g

with the pointwise ordering D i 8n 2 ! ((n) Dn (n)). It is easy to verify that this makes D into a cpo. Now fD gn gn ! is a cone with gn () = (n). Suppose fE hngn ! is another cone. Then a continuous function k : fE hngn ! ! fD gn gn ! is completely determined by the equation k(e)(n) = (gn k)(e) = hn (e). 2 2

2

2

2

Therefore, as an instance of theorem 7.1.15, we obtain:

colimCpoip fDn fngn ! = limCpofDn fn gn ! : ;

2

2

This result is applied to binite domains in the following.

Proposition 7.1.18 The category Bif ip has !-colimits. Proof. Given an !-chain in Bif ip fDn fngn ! let fD gn gn ! be its !-colimit in Cpoip which exists by proposition 7.1.17 and theorem 7.1.15. WIt remains to verify that D is binite. Since Dn is binite for any n 2 !, we have i In pn i = id where fpn i gi In is a directed set of nite projections over Dn . We compute: id = Wn ! (gn+ gn ) = WWn ! (Wgn+ (Wi In pn i ) gn ) = Wn ! i In (gn+ pn i gn ) = n ! i In (gn+ pn i gn ) : We note that gn+ pn i gn is a nite projection and that the set fgn+ pn i

gn gn ! i In is directed by proposition 5.2.3. 2 2

2

2

2

;

;

2

2

2

;

2

2

;

2

2

;

;

2

2

We now turn to functors. The following result relates local continuity and preservation of !-colimits.

Proposition 7.1.19 Let C be an O-category with !op-limits. If F : Cip C ! C is a locally continuous functor then F ip : Cip Cip ! Cip preserves ! -colimits. Proof. We have already observed that if F is locally monotonic then F ip is a functor. Let f(Dn En ) (fn gn )gn ! be an !-diagram in Cip Cip with colimit f(D E ) (hn kn )gn ! built as in the previous theorem 7.1.15. To show that the 2

2


175

cocone fF ip(D E ) F ip(hn kn )gn ! is a colimit for fF ip(Dn En ) F ip(fn gn )gn it is enough to verify that (cf. proposition 7.1.16): _ F (hn kn+ ) F (h+n kn ) = idF (D E) : 2

!

2

;

;

n ! 2

This is proven as follows: W F (h k+) F (h+ k ) = W F (h+ h k+ k ) n ! n ! n n n n n n n n = F (Wn ! h+n hn Wn ! kn+ kn ) = F (idD idE ) = idF (D E) : ;

;

2

;

;

2

;

2

;

2

2

To summarize the method, we suppose given: An O-category C such that the hom-sets have a least element, composition is left strict, and C has (certain) !op-limits. A locally continuous functor F : Cop C ! C. We can apply the previous constructions and build: The category Cip which has an initial object and !-colimits. The functor F : Cip Cip ! Cip which preserves !-colimits. Therefore we nd an initial solution for F ip(X X ) = X in Cip . The initial solution also gives a solution for the equation F (X X ) = X in C. Exercise 7.1.20 Show the existence of a non-trivial domain D such that D = D D = D ) D. Hint: consider the system D

= D ) E and E

= E E. Exercise 7.1.21 Let ( ) be the lifting functor (see de nitions 1.4.16 and 8.1.5). Show that the equations D

= D ) (D) and D

= (D) ) (D) have a non-trivial initial ip solution in Cpo . Exercise 7.1.22 Explain how to build two non-isomorphic, non-trivial solutions of the equation D

= D ) D. Hint: one can start the construction with a cpo which is not a ?

?

?

?

lattice.

Combining theorem 7.1.15 and proposition 7.1.3, we get the following socalled minimal invariant property, which gives a powerful tool for reasoning in recursively dened domains Pit95]. Proposition 7.1.23 (minimal invariant) Let C be an O-category with a terminal object and !op -limits, and such that each hom-set has a least element, and composition is left-strict. Let F : Cop ! C be locally continuous. Let i : F (C ) ! C be an order-isomorphism constructed as indicated in the proof of proposition 7.1.3. We dene : CC C ] ! CC C ] as follows:

(f ) = i F (f ) i 1 Then i is a minimal invariant, by which is meant that the function is continuous and has id as least xed point. ;


176

Proof. The statement follows from proposition 7.1.16 and from the following claim:

8 n 0 n(?) = gn+ gn

;

where fC gngn ! is constructed as in the proof of theorem 7.1.15. The base case follows from left-strictness of composition. The induction case follows from the fact that (i i 1) is an iso from fF (C ) hngn ! to fC gn+1gn ! , with h+n = F (gn ) and hn = F (gn+). 2 2

;

2

2

;

;

In the cpo case, we have seen that least xed points are actually least prexpoints (proposition 1.1.7). The following exercise gives a version of this for a contravariant functor Pit95].

Exercise 7.1.24 (1) Under the assumptions of proposition 7.1.23, suppose that f : A ! F (B ) and g : F (A) ! B are given (think of the functor H : Cop C ! Cop C de ned by H (A B) = (F (B) F (A))). Show that there exists a unique pair of morphisms h : A ! C and k : C ! B such that:

F (k ) f = i

1

;

h

and

g G(h) = k i

(2) Show that id is in fact the unique xpoint of . (3) Prove a version of (1) and (2) and of proposition 7.1.23 for a functor F : Cop C ! C. Hints: For uniqueness, proceed as in the proof of theorem 7.1.15: take f = i 1 g = i. Consider again, as a heuristics, an associated functor H : Cop C ! Cop C. ;

0

We have seen (almost) a minimal invariant at work in proposition 3.2.7. We shall use another one to prove an adequacy result in section 7.2. We conclude this section with a version of Cantor's theorem on spaces of monotonic functions. Cantor's theorem states that there is no surjection from D to P (D) in the category of sets. It follows that the problem (D ) D) / D has no non-trivial solution in this category (otherwise P (D) = (D ) 2) / (D ) D) / D). This result can be generalized to the category of partially ordered sets and monotonic morphisms (cf. GD62]) (a posteriori, this provides a justication for jumping directly from set-theoretic to continuous functions). In the following O = f? >g is the two points poset with ? < >, and D ! E ] denotes the poset of monotonic morphisms, with D E posets.

Proposition 7.1.25 Let P be a poset. There is no monotonic surjection e : P ! P ! O] ! O]. Proof. First we build a monotonic surjection e1 : P ! O] ! O] ! P op ! O]. To this end we dene:

f : P op ! P ! O]

_ fxy = f> j x yg :


177

We observe that f is monotonic and injective as:

fx fz i 8y (x y ) z y) i z x : Next we dene e1(F ) = F f . We verify the surjectivity. Suppose d : P op ! O, let: _ Hd : P ! O] ! O Hd(h) = fdx j fx hg : Hd is clearly monotonic. Surjectivity follows from the computation:

_ _ e1(Hd )(z) = Hd (fz) = fdx j fx fzg = fdx j z xg = dz :

Suppose by contradiction that there is a monotonic surjection e : P ! P ! O] ! O]. By composition with e1 we derive the existence of a surjection s : P ! P op ! O]. We apply a diagonalization trick dening:

_ c c : P op ! O c(x) = s(x)(x) c (x) = fc(y) j x yg 0

0

where ? = > and > = ?. Note that c is monotonic. Let w be such that c = s(w). We claim that there is a y w such that c(y) = >. If c(w) = > take w. Otherwise, if c(w) = ? then s(w)(w) = >, that is c (w) = >. Hence c(y) = > for some y w. Suppose then c(y) = >. We derive a contradiction as follows: s(y)(y) = ? by denition of c. s(y)(y) = > because: 0

0

0

c(y) = > ) c (y) = > by denition of c ) s(w)(y) = > since c = s(w) ) s(y)(y) = > by left monotonicity of s and y w : 0

0

0

2

Corollary 7.1.26 If P ! P ] / P in the category of posets and monotonic morphisms then ]P = 1.

Proof. Since the empty poset is not a solution suppose ]P 2. If all elements in P are incomparable then Cantor's theorem applies. Otherwise, let x1 < x2 2 P . Then the pair (i O ! P j : P ! O) dened by: ( ( x x2 x 2 y => i(y) = x y = ? j (x) = > ? otherwise 1 shows O / P . We observe that D / D and E / E implies D ! E ] / D ! E ]. By P ! O] / P ! P ] / P we derive P ! O] ! O] / P , contradicting the 0

previous proposition 7.1.25.

0

0

0

2


178 n] x]

(let x bedyn M in N ) ]

! ! !

n (x)] N M=x]]

Figure 7.1: Operational semantics of Dyn

7.2 Predicate Equations * In proving properties of programs, one is often faced with predicates. We have seen their use in chapter 6, in particular for the proof of the adequacy theorem 6.3.6. If the semantics of a language involves recursively dened domains, then proving properties of programs may involve recursively dened predicates, and the existence of the solutions to these predicate equations may be troublesome, just as we had troubles with contravariance in solving domain equations. We treat an example of Mulmuley Mul89], borrowing our techniques from Pitts Pit95], to which we refer for a general treatment. Our example consists in proving an adequacy theorem for a simple declarative language Dyn, based on dynamic binding, whose syntax is given by: Ide ::= x j y j : : : M ::= n j Ide j let Ide bedyn M in M :

where n ranges over natural numbers and where x y : : : range over a set Ide of identiers. The intended value of: let x bedyn 3 in let y bedyn x in let x bedyn 5 in y is 5, because in computing the value of y it is the last value of x, namely 5, which is used. In contrast, the -term ( x:( y:( x:y )5)x)3 evaluates to 3. We say that -calculus is static. In the static discipline, the declaration of x which is used when evaluating y is the one which is immediately above y in the program text. The operational semantics of Dyn is described via rewriting rules on pairs (M ), written M ], until eventually a constant n is reached. In the pairs M ], M ranges over the set Exp of terms and ranges over the set of syntactic environments which are functions from Ide to Exp . The rules are given in gure 7.1. These rules should be contrasted with the rules for the environment machines described in section 8.3. In both cases a natural implementation relies on a stack to pile up unevaluated expressions. However, in dynamic binding we just save the code, whereas in static binding we memorise the code with its environment (a closure). A denotational semantics of this language can be given with the help of a semantic domain D satisfying the equation D = Ide ! (D * ! ). The meaning M ] of a term M is as a partial function from D (ranged over by ) to ! , dened in gure 7.2 (without an explicit mention of the isomorphism i : D = Ide ! (D * ! )).

7.2. PREDICATE EQUATIONS *

179

n] ( ) = n x] ( ) = (x)( ) ( (x)( ) #) let x bedyn M in N ] ( ) = N ] ( M ] =x])

Figure 7.2: Denotational semantics of Dyn These semantic equations look \the same" as the rules dening the operational semantics. It requires however a non-trivial proof to show the following adequacy property of the denotational semantics with respect to the operational semantics: If M is a closed term of Dyn, then M ] ! n i M ] (?) = n,

where ] is the identity syntactic environment and ? is the constant ? function. We rst need to formulate adequacy for any term. We dene a semantic mapping from syntactic environments to semantic environments in the following way: ] (x) = (x)]] : The general adequacy result that we want to prove is:

For any M and , M ] ! n i M ] ( ] ) = n .

()) We proceed by induction on the length of the derivation of M ] to n:

n: We have n] (] ) = n by the rst semantic equation. x:

x] ( ] ) = ] (x)( ] ) = (x)]]( ] ) = n by induction .

let x bedyn M in N :

let x bedyn M in N ] ( ] ) = N ] ( ] M ] =x]) = N ] ( M=x]]]) = n : (() The proof involves a predicate mutually recursive specication: = =

(D * !) Exp satisfying the following

f(f M ) j 8 ( ) 2 (f ( ) " or M ] ! f ( ))g f( ) 2 D (Ide ! Exp ) j 8 x 2 Ide ( (x) (x)) 2 g :

The whole point of this section is to prove that exists. Meanwhile, assuming its existence, we end the proof of adequacy. We prove by induction on the size of M that (M ] M ) 2 .


180

n:

This case holds vacuously since we always have n] ( ) = n and n ] ! n, regardless of what and are. x: Let ( ) 2 . In particular, ( (x) (x)) 2 . By the specication of , we have thus:

(x)( ) " or (x) ] ! (x)( ) which by the denition of the two semantics can be rephrased as:

x] ( ) " or x ] ! x] ( ) :

let x bedyn M in N : Let ( ) 2 . First, exploiting induction on M , we get (M ] M ) 2 . The conclusion follows by applying induction to N . We are now left with the proof of the existence of . We set:

H (E ) = Ide ! (E * ! )

G(E ) = (E * ! ) Exp : We have H : Cpoop ! Cpo. The ordering on H (E ) is obtained as follows: E * ! is isomorphic to E ! ! (cf. denitions 1.4.16 and 1.4.17), and given a domain D , Ide ! D is the product of copies of D indexed over Ide , ordered pointwise. Remark that f?g * ! (and hence H (f?g)) has innitely many elements, which makes the initial solution of H (D) = D non-trivial. We \extend" H to predicates as follows. For R G(E ), we dene H (R) G(H (E )) as the set of pairs (f M ) such that: 8 2 H (E ) 2 Ide ! Exp (8 x ( (x) (x)) 2 R) ) (f ( ) " or M ] ! f ( )) : The predicate is a xpoint for the following function K : P (G(D)) ! P (G(D)): K (R) = f(f M ) j (f i M ) 2 H (R)g where i : H (D) ! D is the minimal invariant (cf. proposition 7.1.23). The trouble is that, because H is contravariant in E , the function K is antimonotonic. The sequence fK n ()gn
?

0

0

morphisms, we are led to examine the relationships between morphisms and relations more closely. Given f : E ! E , R G(E ) and R G(E ), we write: 0

f :R!R

0

0

0

, 8 (g M ) 2 R (g f M ) 2 R : 0

7.2. PREDICATE EQUATIONS *

181

The following are easily established facts: (R1) If f : R ! R and f : R ! R , then f f : R ! R . (R2) id : R ! R if and only if R R. (R3) If f : R ! R , then H (f ) : H (R ) ! H (R). Moreover, we restrict our attention to predicates R satisfying the following properties. W (I 1) Closure under directed lub's: (8 2 ( M ) 2 R) ) ( M ) 2 R. (I 2) 8 M (? M ) 2 R. (I 3) 8 n 2 ! (( :n M ) 2 R , M ] ! n). We denote with I (E ) (I for \inclusive", cf. section 6.2) the collection of predicates over G(E ) satisfying properties (I1) through (I3). Clearly, I (E ) has a bottom element, which is: f( :n M ) j M ] ! ng f(? M ) j M 2 Exp g : Moreover, H is compatible with (I1) through (I3). (R4) H maps I (E ) to I (H (E )). We only check that H (R) satises (I3). If ( :n M ) 2 H (R), then since (? x) 2 R for all x, we have M ] ! n. The converse direction follows from the fact that M ] ! n implies M ] ! n for any . From now on, we shall assume that all predicates satisfy (I1) through (I3). The following further facts will be needed. W (R5) For any directed (E ! E ), (8 2 : R ! R ) ) : R ! R . (R6) ? : R ! R , for any R R . Fact (R5) is a consequence of (I1), by the continuity of the composition operation. Properties (I2) and (I3) serve to establish (R6), as we show now. Let (d M ) 2 R . There are two cases. If d is strict, then d ? = ?, and (d ? M ) 2 R follows by (I2). If d = :n, the conclusion follows by (I3). We now have all the needed material. By property (R4), the function K restricts to a function from I (D) to I (D). Hence we can take the solution (R1 R2) in (I (D) ) (I (D) ). By (R2), by the minimal invariant property of i, and by (R5), our goal can be reformulated as: 0

0

0

00

0

0

00

0

0

0

0

0

0

0

0

0

8 n 0 n (?) : R 2 R 2

1

:

The base case of our goal holds by (R6). By xpoint induction (cf. section 6.2), we are left to show: f : R2 ! R1 ) (f ) : R2 ! R1 which by (R1) is proved as follows: i 1 : R2 ! H (R1) (K (R1) = R2) H (f ) : H (R1) ! H (R2) (by (R3)) i : H (R2) ! R1 (K (R2) = R1) : ;

Remark 7.2.1 Our proof uses only the fact that (R1 R2) is a xpoint (in I (D)), not

that this is the least one. So, in the end, we get not only that exists, but also that it is the \unique" solution of K (R) = R (cf. exercise 7.1.24).

182


7.3 Universal Domains

We discuss a technique for the construction of a universal domain and we apply it to the category of binite domains and continuous morphisms. In this section by binite domain we intend the !-binite (or SFP domains) described in chapter 5. In the rst place, we introduce the notion of algebroidal category (cf. BH76]) which generalizes to categories the notion of algebraicity already considered for domains.

Denition 7.3.1 (category of monos) A category K is called a category of monos if every morphism of K is mono. Example 7.3.2 Sets with injections form a category of monos. Denition 7.3.3 (compact object) Let K be a category of monos. An object A 2 K is compact if, for each !-chain fBn fngn ! with colimit fB gngn ! and any h : A ! B , there exists n and kn : A ! Bn such that h = gn kn . We denote with K(K) the collection of compact objects. 2

2

Remark 7.3.4 We note that for any n there is at most one kn, as K is a category of monos and therefore gn kn = gn kn = h implies kn = kn . Moreover, if gn kn = h then we can set kn+1 = fn kn as gn+1 fn kn = gn kn = h. 0

0

Denition 7.3.5 (algebroidal category) A category of monos K is algebroidal if: (1) K has an initial object. (2) Every !-chain of compact objects has a colimit. (3) Every object is the colimit of an !-chain of compact objects. An algebroidal category is !-algebroidal if the collection of compact objects, K(K), is countable up to isomorphism and so is the hom-set between any two compact objects.

Remark 7.3.6 The categories of !-algebraic dcpo's considered in this book are !-algebroidal. The category of ordinals is a notable example of non !-algebroidal category (non-limit ordinals cannot be enumerated up to isomorphism).

Exercise 7.3.7 Let S be the category of Scott domains (see de nition 1.4.9). Show that Sip is not an algebroidal category. How would you modify the de nition in order to include Sip among the algebroidal categories? Hint: A directed diagram in a category C is a functor D : I ! C, where I is a directed set. Show that: (1) Sip has colimits of directed diagrams. (2) Each object is the colimit of a directed diagram of compact objects.

7.3. UNIVERSAL DOMAINS

183

Next we dene the notion of universal object. In particular we will be interested in universal, homogeneous objects, as they are determined up to isomorphism. In this section we follow quite closely DR93] (see also GJ90]). More generally, the terminology and the techniques used in this section are clearly indebted to model theory. Denition 7.3.8 Let U be an object in a category K of monos, and let K be a full subcategory of K. Then we say that: (1) U is K -universal if 8A 2 K 9f : A ! U . (2) U is K -homogeneous if: 8A 2 K 8f : A ! U 8g : A ! U 9h : U ! U (h g = f ) :

(3) U is K -saturated if: 8A B 2 K 8f : A ! U 8g : A ! B 9k : B ! U (k g = f ) :

(4) K has the amalgamation property if: 8A B B 2 K 8f : A ! B 8f : A ! B 9C 2 K 9g : B ! C 9g : B ! C (g f = g f ) : Remark 7.3.9 Denition 7.3.8 requires the existence of certain morphisms but not their uniqueness. Proposition 7.3.10ipLet Bif ip be the category of !-binite domains and injectionprojection pairs. Bif is an !-algebroidal category and the collection of compact objects has the amalgamation property. Proof. To check that Bif ip is a category of monos with initial object it is enough to verify that Bif has a terminal object, the hom-sets have a least element and composition is left strict (cf. proposition 7.1.10). Let D 2 Bif . By proposition 5.2.3, D is compact in Bif ip i the cardinality of D is nite. Moreover, by denition of binite domain, each object in Bif ip is an !-colimit of compact objects. By proposition 7.1.18, each !-diagram of (compact) objects in Bif ip has a colimit. Next we verify that Bif ip has the amalgamation property. Let us consider three nite posets (E ), (D1 1), (D2 2) with morphisms hi : E ! Di, i = 1 2, in Bif ip. Without loss of generality we assume E = D1 \ D2 , then: 8e e 2 E (e e i e 1 e i e 2 e ) : Now we dene the amalgam as the set F = E (D1 nE ) (D2nE ) where f F f i 9i 2 f1 2g (f f 2 Di f i f ) or 9e 2 E (f i e j f ) for i 6= j i j 2 f1 2g :

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0


184

It is easy to verify that F is a partial order. We are left with the denition of the morphisms ki : Di ! F , i = 1 2. We take the inclusions for ki+ , and we dene: ( 2 D1 k1 (f ) = fh (f ) fotherwise : ;

;

2

k2 is dened symmetrically. It can be easily checked that ki is a morphism in Bif ip, and that k1 h1 = k2 h2. 2 ;

Theorem 7.3.11 Let K be an !-algebroidal category of monos. The following

properties are equivalent: (1) There is a K-universal, K(K)-homogeneous object (universal homogeneous for short). (2) There is a K(K)-saturated object. (3) K(K) has the amalgamation property. Moreover a K-universal, K(K)-homogeneous object is uniquely determined up to isomorphism.

Proof. The proof of this theorem is an immediate consequence of the following lemmas. The main di#culty lies in the proof of (3) ) (2) (see lemma 7.3.14). 2 Lemma 7.3.12 Let K be an algebroidal category of monos and let U V be K(K)saturated. Then:

8A 2 K(K) 8f : A ! U 8g : A ! V 9i : U ! V iso (i f = g) : Proof. Let f(Ui fi)gi ! and f(Vj gj )gj ! be !-diagrams of compact objects whose colimits are fU ligi ! and fV ligi ! respectively. Given f : A ! U and g : A ! V , by compactness of A we have 9fn : A ! Un (ln fn = f ) (by compactness of A) 9pn : Un ! V (pn fn = g) (by saturation) 9h0 : Un ! Vn (ln h0 = pn ) (by compactness) : We show how to iterate this construction once more. By saturation 9pn : Vn ! U (pn h0 = ln ). By compactness 9h1 : Vn ! Un (ln h1 = pn ). We proceed 2

2

0

2

0

0

0

0

0

0

0

1

0

1

2

0

0

0

1

1

0

1

2

2

1

1

inductively building Vn3 Un4 : : : We may suppose n0 < n1 < : : : We observe ln2 h1 h0 = pn1 h0 = ln0 . It is then possible, using the hi , to see V as (the object of) a cocone for f(Ui fi)gi ! and U as (the object of) a cocone for f(Vj gj )gj ! , by which the existence of the isomorphisms h and k which commute with f and g follows. 2

2

2

Lemma 7.3.13 Let K be an algebroidal category of monos. The following properties hold:

7.3. UNIVERSAL DOMAINS

185

(1) For any object U the following are equivalent: (a) U is K-universal and K(K)-homogeneous. (b) U is K(K)-universal and K(K)-homogeneous. (c) U is K(K)-saturated. (2) A K-universal, K(K)-homogeneous object is determined up to isomorphism. (3) If there is a K-universal and K(K)-homogeneous object then K(K) has the amalgamation property.

Proof. (1) We prove the equivalence as follows: (a) ) (b) Immediate, by denition. (b) ) (c) Let A B 2 K(K), f : A ! U , g : A ! B . By K(K)-universality 9g : B ! U . By K(K)-homogeneity 9h : U ! U (h g g = f ). So h g gives 0

0

0

saturation. (c) ) (a) Since there is an initial object 0, U is K(K)-universal by saturation applied to the (unique) morphisms f : 0 ! U and g : 0 ! A. U is also K(K)homogeneous by lemma 7.3.12. It remains to show that U is K-universal. Let A 2 K and let f(Ai fi)gi ! be an !-chain in K(K) whose colimit is A. Take advantage of K(K)-saturation to build a cocone with object U for such !-chain. Then there is a morphism from A to U . (2) Apply lemma 7.3.12 with A = 0. (3) Let A B B 2 K(K), f : A ! B , f : A ! B . By K(K)-universality 9h : B ! U . By K(K)-saturation 9h : B ! U (h f = h f ). Now consider an !-chain in K(K) whose colimit is U and use the compactness of B and B to factorize h and h along some element of the !-chain. 2 2

0

0

0

0

0

0

0

0

0

In the next lemma we use (for the rst time) the countability conditions that distinguish an !-algebroidal category from an algebroidal one.

Lemma 7.3.14 Let K be an !-algebroidal category of monos. If K(K) has the amalgamation property then it is possible to build a K(K)-saturated onbject. Proof. We use the hypothesis that K is !-algebroidal to build an enumeration up to isomorphism of the compact objects Ho = fAigi ! and an enumeration of all quintuples Mo = f(Bi Ci gi hi ji)gi ! , where Bi Ci 2 Ho, gi hi : Bi ! Ci, and ji 2 !, such that each quintuple occurs innitely often. We build an !-chain f(Ui fi)gi ! such that Ui 2 Ho and the following properties hold, where we set fj i : Uj ! Ui, and fj i = fi 1 fj : (1) 8i 2 ! 9ki : Ai ! Ui. (2) Given i consider the corresponding quintuple in the enumeration. If j = ji i 2

2

2

;

and Uj = Ci then

9k : Ui ! Ui+1(k fj i hi = fi fj i gi) :


186

A consequence of (1) is that, for all C 2 Ho and j su#ciently large, we can nd g : C ! Uj . We also note that if g h : B ! C with B C 2 Ho, and C = Uj , then (B C g h j ) will appear innitely often in the enumeration, so we can nd an i such that (B C g h j ) = (Bi Ci gi hi ji) and (j =)ji i. Then we dene U as the colimit of the !-chain f(Un fn)gn ! . While condition (1) is natural, condition (2) may seem rather obscure. First observe that if we just want to build a K(K)-universal object, that is satisfy condition (1), then it is enough to set U0 = A0 and proceed inductively using the amalgamation property on the (uniquely determined) morphisms f : 0 ! Un and g : 0 ! An+1. So, given lemma 7.3.13, condition (2) has to do with the fact that we want U to be K(K)saturated. Let us see how this is used. Let B C 2 Ho and g : B ! C h : B ! U . By (1) and B 2 K(K) we have: 9j (g : C ! Uj h : B ! Uj h = fj h ) : where fj : Uj ! U . Let g = g g . Choose i large enough so that: j i and (B Uj g h j ) = (Bi Ci gi hi ji) : By (2), 9k : Ui ! Ui+1 (k fj i h = fi fj i g ). From this, saturation follows. Finally we show how to build the !-chain f(Ui fi)gi ! . Set U0 = A0, the rst element in the enumeration Ho . Next suppose to have built Ui and consider Ai+1. As observed above there are f : 0 ! Ui and g : 0 ! Ai+1. By amalgamation we get, for some Ui , two morphisms f : Ui ! Ui and g : Ai+1 ! Ui . If j = ji i and Uj = Ci then apply amalgamation to f fj i hi and f fj i gi obtaining k : Ui ! Ui+1 and k : Ui ! Ui+1. It just remains to select Ui+1 isomorphic to Ui+1 and in Ho . Otherwise it is enough to choose an object Ui+1 in Ho isomorphic to Ui . The morphism from Ai+1 to Ui+1 is then immediately obtained by composition. 2 2

0

1

1

0

2

0

0

0

0

0

0

0

0

0

0

0

0

0

0

Corollary 7.3.15 The category Bif ip has a universal homogeneous object. Proof. We have shown in proposition 7.3.10 that Bif ip is an !-algebroidal

category with the amalgamation property. Hence theorem 7.3.11 can be applied.

2

Figure 7.3 draws a rough correspondence between domain theoretical and category theoretical notions.

7.4 Representation We are interested in the problem of representing subdomains of a domain D as certain functions over D. In particular we concentrate on retractions and

7.4. REPRESENTATION

187

in a cpo D

in Cpoip

in Cpo

?

initial object !-colimits functor F ip !-cocontinuous algebroidal

terminal object !op -limits functor F (not always) locally continuous

directed lub monotonic continuous algebraic

Figure 7.3: Domain-theoretical versus category-theoretical notions projections, the idea being that subdomains are represented by the image of such morphisms. When working with continuous cpo's, not every retraction (or projection) corresponds to a domain (i.e. an !-algebraic cpo). For this reason, one focuses on the collection of nitary retractions, which are by denition those retractions whose image forms a domain. The theory is simpler when dealing with (nitary) projections. Then it is not di#cult to show that the collection of nitary projections FP (D) over a binite domain D is again a binite. In other words the collection of subdomains of a binite domain can be given again a binite domain structure. Having found a representation of domains, we address the problem of representing domain constructors, e.g. product, exponent, sum, lifting. It turns out that the basic domain constructors we have considered so far can be represented in a suitable technical sense. The collection Ret(D) of retractions on a cpo D, is the collection of xpoints of the functional f:f f , and the image r(D) of a retraction r on D, coincides with the collection of its xpoints. Hence general results on xpoints can be immediately applied. We will see that under suitable hypotheses Ret(D) and r(D) enjoy certain algebraic properties.

Denition 7.4.1 Let D be an algebraic cpo and r 2 Ret(D). We say that r is nitary if r(D) with the induced order is an algebraic cpo. We say that r is a closure if id r. Proposition 7.4.2 Let D be a cpo. Then: (1) If f : D ! D is a continuous morphism then Fix(f ) = fd 2 D j f (d) = dg is a cpo. (2) Ret(D) = Fix(f : D ! D:f f ) is a cpo. (3) If r 2 Ret(D) then r(D) = Fix(r) is a cpo.

188


Proposition 7.4.3 Let D be an algebraic cpo and r 2 Ret(D). Then K(r(D)), the collection of compacts in r(D), can be characterized as follows:

K(r(D)) = frd j d 2 K(D) and d rdg : In particular, if p is a projection then K(p(D)) = p(D) \ K(D), and if c is a closure then K(c(D)) = c(K(D)). Proof. Suppose ry 2 K(r(D)). Since D is algebraic ry = Wfx 2 K(D) j x ryg. So: _ _ ry = r(ry) = r( fx 2 K(D) j x ryg) = frx j x 2 K(D) and x ryg : Since ry 2 K(r(D)), we have 9z (ry = rz and z 2 K(D) and z ry). This z gives the desired representation of ry. Vice versa suppose d 2 K(D) and d rd. Let $ r(D) directed. Then: _ d rd $ ) 9y 2 $ (rd ry = y) : The statements concerning projections and closures are an immediate corollary of this characterization of the compact elements. 2

Proposition 7.4.4 If D is a bounded complete cpo and r 2 Ret(D) then r(D) is bounded complete.

Proof. Let X r(D) and suppose W y 2 r(D) is an upper W bound forWX . Then X

is bounded in D and therefore D X exists. We show r(D) X = r( D X ). 8x 2 X (x WD X ) implies 8x 2 X (x = rx r(WD X )). So r(WD X ) is an upper bound. If y isWan upper bound for X in Wr(D) then it is also an Wupper bound for X in D, so D X y. This implies r( D X ) ry = y. So r( D X ) is the lub in r(D). 2 Let D be an (!-)algebraic cpo and r 2 Ret(D). Can we conclude that r(D) is again an (!-)algebraic cpo? The answer is no. In general it can only be shown that r(D) is a continuous cpo (see chapter 5).

Example 7.4.5 Let Q and R be the rational and real numbers, respectively. Let D = D0 D1 where D0 = f0 q] j q 2 Qg, and D1 = f0 rj r 2 R f1gg, ordered by inclusion. Consider the projection p dened by:

p(0 q]) = 0 q p(0 r) = 0 r : The domain D is an ! -algebraic complete total order with D0 as compact elements. On the other hand im(p) fails to be algebraic.

7.4. REPRESENTATION

189

For the collection Ret(D) things get even worse. For example it has been shown by Ershov (see exercise 18.4.10 in Bar84]) that the collection of retractions over P (!) is not a continuous lattice, hence a fortiori not the image of a retraction. This also shows that the collection of xpoints of a continuous function does not need to be a continuous cpo, as Ret(D) = Fix(f:f f ). We will consider retractions again in the context of stable domain theory (section 12.4). For the time being we will concentrate on the simpler case of nitary projections. Let D be a binite domain. The notion of nitary projection over D provides an adequate representation of the idea of subdomain, moreover the collection of nitary projections over D, FP (D), is again a binite domain. This is a powerful result that has applications for instance to the interpretation of higher-order calculi (see section 11.3). The following notion of normal subposet is useful in studying projections.

Denition 7.4.6 (normal subposet) Let (P ) be a poset. A subset N P is called a normal subposet if 8x 2 P (# x) \ N is directed. We denote with N (P ) the collection of normal subposets of P ordered by inclusion.

Theorem 7.4.7 Let D 2 Bif . Then:

(1) There is an isomorphism between the collection of normal subposets of the compact elements and the nitary projections over D: N (K(D)) = FP (D). (2) FP (D) is an !-algebraic complete lattice.

Proof. We remark that if p is a projection and x 2 D then (# x) \ p(D) = (# p(x)) \ p(D) : Moreover, if p is a nitary projection then K(p(D)) 2 N (K(D)). We use the hypothesis that p(D) is algebraic to show 8x 2 D (# x) \ K(p(D)) = (# p(x)) \ K(p(D)) that is directed.

We now proceed with the proof of statement (1) while leaving (2) as an exercise. If p is a nitary projection then dene Np = K(p(D)). This is a normal subposet of K(D) by the remark above. Vice versa, if N 2 N (K(D)) we dene:

_ pN (d) = ((# d) \ N ) :

This is well dened because (# d) \ N is directed. These two functions dene an isomorphism between FP (D) and N (K(D)). 2

Exercise 7.4.8 Show that if D is a Scott domain then FP (D) / (D ! D). Hint: given

f : D ! D consider Xf = fx 2 K(D) j x fxg and de ne Nf = U (Xf ). The set Nf corresponds to a nitary projection pNf . Set : (D ! D) ! (D ! D) as (f ) = pNf .

Note that this property fails for bi nite domains (cf. exercise 12.4.21).


190

Let U be a universal domain for some relevant category of domains, say Bif . Then every domain is isomorphic to the image of a nitary projection over U . Furthermore, it can be shown that certain basic operators over domains can be adequately represented as continuous functions over FP (U ). As a fall-out, one gets a technique to solve domain equations via the standard Kleene least-xed point theorem. Observe that there is an injective function Im from the poset FP (U ) to the category Bif ip (this is immediately extended to a functor): Im = p 2 FP (U ):p(U ) : Let F : Bif ip Bif ip ! Bif ip be a binary functor. The representation problem for F consists in nding a continuous function RF : FP (U ) FP (U ) ! FP (U ) such that the following holds, modulo order-isomorphism: F (p(U ) q(U )) = RF (p q)(U ) : Proposition 7.4.9 Product and Exponent are representable. Proof. In showing that Bif is a CCC (proposition 5.2.4), one uses the fact that if p 2 FP (D) and q 2 FP (D) then (d e):(p(d) q(e)) 2 FP (D E ) and f:(q f p) 2 FP (D ! E ). If U is a universal (homogeneous) domain for Bif ip then we may assume the existence of the injection-projection pairs: ((u u ):hu u i u:(1(u) 2(u))) : (U U ) ! U (i j ) : (U ! U ) ! U : It just remains to combine the two ideas to dene the operators representing product and exponential: (p q):u:hp(1(u)) q(2(u))i (p q):u:i(q j (u) p) : For instance, in the case of the exponential, we compose (p q):u:(q u p) : FP U FP U ! FP U U with r:i r j . 2 Remark 7.4.10 It is good to keepip in mind that Im is not an equivalence of categories between FP (U ) and Bif , as FP (U ) is just a poset category. This point is important when one interprets second order types (see section 11.3). Exercise 7.4.11 (1) Verify in detail that we can apply the xed point proposition 1.1.7 to the domain FP (U ) in order to get initial solutions of domain equations in Bif ip . (2) 0

0

!

Consider the representation problem for the operators of coalesced sum and lifting. (3) Consider the representation problem in the case we replace ( nitary) projections with ( nitary) retractions.

Finally, we point out that our results about the limit-colimit coincidence (theorem 7.1.15) and the existence of a universal homogeneous object (theorem 7.3.11) can be also applied to categories of cpo's and stable functions (cf. exercise 12.4.23).

Chapter 8 Values and Computations When considering the -calculus as the kernel of a programming language it is natural to concentrate on weak reduction strategies, that is strategies where evaluation stops at -abstractions. In presenting the semantic counterpart of these calculi it is useful to emphasize the distinction between value and computation. A rst example coming from recursion theory relies on the notions of total and partial morphism. In our jargon a total morphism when given a value always returns a value whereas a partial morphism when given a value returns a possibly innite computation. This example suggests that the denotation of a partial recursive algorithm is a morphism from values to computations, and that values are particular kinds of computations. In domain theory the divergent computation is represented by a bottom element, say ?, that we add to the collection of values. This can be seen as the motivation for the shift from sets to at domains. More precisely, we have considered three categories (cf. denition 1.4.17). The category Dcpo in which morphisms send values to values, say D ! E . This category is adapted to a framework where every computation terminates. The category pDcpo which is equivalent to the one of cpo's and strict functions, and in which morphisms send values to computations, say D ! (E ) . This category naturally models call-by-value evaluation where functions' arguments are evaluated before application. The category Cpo in which morphisms send computations to computations, or (D) ! (E ) . In the models of the untyped -calculus that we have presented the distinction value-computation can actually be hidden by regarding ? as an element with the same status of a value. Another framework where the distinction between values and computations is useful is that of xpoint extensions of typed -calculi. Consider for example a simply typed -calculus and its Curry-Howard correspondence with the minimal propositional logic of implication (cf. chapter 4). Suppose that we want to enrich the calculus with a xed point combinator on terms, say Y , allowing for ?

?

?

191

192

CHAPTER 8. VALUES AND COMPUTATIONS

fully recursive denitions. Which type should we assign to Y ? One possibility considered in chapter 6 is to introduce a family of combinators Y of type ( ! ) ! . Then the correspondence with the logic is blurred as Y (x : :x) has type for any type/proposition , i.e. every type is inhabited/provable. Another possibility is to regard Y (x : :x) as a computation of a proof, that is to assign to Y the type (c() ! c()) ! c(), where c() is the type representing the computations over . Then, at the cost of a complication of the formal system, we may keep a correspondence between propositions and a subset of types. In these examples, we have roughly considered computations as values enriched with an element denoting the divergent computations. There are however other possible notions of computations that arise in the study of programming languages. For instance, if we wish to model non-determinism then a computation may consist of a collection of values representing the possible outcomes of a program. Which are then the common properties of these notions of computation? The notion of monad that we describe in section 8.1 seems to provide a good general framework. We present a general technique to produce a monad out of a category of partial morphisms. In particular the familiar category of dcpo's is revisited in this perspective. In section 8.2 we introduce a call-by-value version of the language Pcf studied in chapter 6 which reects the properties of the function space in a category of partial morphisms. By a variant of the technique presented in theorem 6.3.6, we prove the adequacy of the semantic interpretation with respect to the operational semantics. In section 8.3 we describe a class of abstract machines, known as environment machines, for the mechanical evaluation of weak -calculi. In section 8.4 we consider the full abstraction problem for the call-by-value -calculus. We show that a canonical lter model is fully abstract for the calculus enriched with a parallel join operator. In section 8.5 we revisit the continuation based semantics introduced in section 1.6 from a monadic viewpoint. We introduce a typed call-by-value -calculus enriched with control operators for the manipulation of the execution ow and study its Continuation Passing Style (Cps for short) translation into a standard -calculus. The typing of control operators allows to push from intuitionistic to classical logic the Curry-Howard correspondence between typed -calculi and propositional calculi. In this respect Cps translations can be regarded as a way to extract an eective content form a classical proof. We also discuss simple variants of environment machines which can handle control operators.

8.1 Representing Computations as Monads In this section, following Mog89], we present the notion of computation-asmonad. The monads of partial computations, continuations, and non-deterministic computations will be our leading and motivating examples.

8.1. REPRESENTING COMPUTATIONS AS MONADS

193

Monads (or triples) are an important category-theoretical notion, we refer to section B.8 for some basic constructions and to BW85, ML71] for a deeper analysis. What is important here, is to state which are the basic computational properties we wish to formalize. Suppose that C is our category of data types. An endofunctor T : C ! C denes how to go from a certain collection of values to the computations over such values. A natural transformation : idC ! T determines how a value can be seen as a computation. Another natural transformation : T 2 ! T explains how to atten a computation of a computation to a computation. These requirements plus certain natural commutation properties are expressed by the following equations (cf. denition B.8.1):

A TA = A TA = idTA

A TA = A TA :

We say that a monad satises the mono requirement if A is a mono, for any object A.

Example 8.1.1 We give three basic examples of monads with a computational

avour in the category of sets. We leave to the reader the needed verications (these monads satisfy the mono requirement). Partial computations. Dene ( ) : Set ! Set as: ?

(X ) (f ) (z) X ( x) X (z) ?

?

=X ( f?X g where ?X 2= X z 2 X where f : X ! Y = f?(z) ifotherwise Y = (x z2X = z? ifotherwise : X

Non-deterministic computations. Dene P : Set ! Set as: P (X ) = Pfin(X ) P (f )(a) =S f (a) where f : X ! Y X (x) = fxg X (z) = z : Continuations. We suppose given a set of results, R, containing at least two

elements. In order to understand the basic trick behind the notion of computation, one should think of the double negation interpretation of classical logic into intuitionistic logic TvD88]. Let :X (X ! R), and dene C : Set ! Set as:

C (X ) C (f ) X (x) X (H )

= ::X = g 2 ::X:h 2 :Y:g(h f ) where f : X ! Y = h 2 :X:h(x) = h 2 :X:H (g 2 ::X:g(h)) :

194


First, let us concentrate on the monads of continuations and non-deterministic computations. We introduce two variants of the imperative language studied in chapter 1, and analyse their interpretations in suitable monads (for the sake of simplicity we leave out recursion and expressions). LC s ::= a j skip j s& s j stop LN s ::= a j skip j s& s j s + s : In LC we have introduced a statement stop whose intuitive eect is that of terminating immediately the execution of a program and return the current state. As already discussed in section 1.6 the \direct" semantics used in section 1.5 is not adequate to interpret commands which alter in some global way the control ow. For instance we should have stop& s] = stop] , for any s, which is hopeless if we insist in stating stop& s] = s] stop] . The notion of continuation was introduced in section 1.6 precisely to model operators that explicitly manipulate the control ow. Let ' be the collection of states. It is natural to take ' as the collection of results. Then the monad of continuations is given by: C (') = ' ! (' ! ') : The semantics of a program is a morphism from ' to C ('). The interpretation for LC is dened as follows: 1 skip] = a] = a for a : ' ! ' s1& s2] = C (s2] ) s1] stop] = :f: : Exercise 8.1.2 Verify that a b] = : f:f (b(a)), and stop s] = stop] . In LN we have introduced an operator + for the non-deterministic composition of two statements. The intuition is that the statement s1 +s2 can choose to behave as either s1 or s2. It is then natural to consider the interpretation of a statement as a morphism from ' to Pfin('), where ' is the collection of states. Hence, using the monad of non-deterministic computations we dene: skip] = a] = a for a : ' ! ' s1& s2] = P (s2] ) s1] s1 + s2] = : s1] s2] : An obvious remark is that the interpretations for LC and LN are formally identical but for the fourth clause. As a matter of fact we have been using a general pattern in these interpretations which goes under the name of Kleisli category. Given a monad (T ) over a category C the Kleisli category KT is formed as follows: KT = C KT d d ] = Cd Td ] idd = d : d ! Td f g = d00 Tf g for g : d ! d f : d ! d in KT : 0

0

0

1

0

00

This denition is slightly more abstract, but equivalent to the one presented in section 1.6.


195

The reader will nd in Mog89] more information on this construction, and on its use in the interpretation of a meta-language where the notion of computation is treated abstractly, as a monad with certain desirable properties. Going back to the monads of power-sets, we hint to an application to the modelling of parallel computation. We illustrate the idea on yet another variant of the imperative language considered above:

LP s ::= a j skip j s& s j s k s : The intuitive semantics of s1 k s2 is that of a parallel execution of the state transformations performed by s1 and by s2. Since s1 and s2 share the same state dierent orders of execution might generate dierent nal results, as is clear, for instance, in the program x := 1& x := 0 k x := 1, which upon termination can associate to x either 0 or 1. In dening the semantics one has to establish what modications of the state are atomic, i.e. are executed as non-interruptible operations. For instance if we assume that assignment is an atomic operation then the program x := 0 k x := 1 will terminate with x having value 0 or 1, and nothing else. The semantics of a program is a collection of sequences of state transformations. For instance we can take: s] 2 Pfin((' ! ')+ ) where (' ! ')+ are non-empty nite sequences of functions. In this case it is clear that we can distinguish the interpretations of x := 0& x := x + 1 and x := 1. The interpretation of a parallel composition is an operator that shues the sequences in all possible combinations.

Exercise 8.1.3 De ne an interpretation of the language LP in Pfin(( ! )+). In the presence of divergent programs things are a bit more complicated. What is needed is an analogous of the power-set construction in a category of domains. Various solutions to this problem will be presented in chapter 9. Let us provisionally call PD the powerdomain operator. The interpretation of the imperative language with recursion is given in a domain of resumptions (see, e.g., Plo83]) which is the least solution of the following equation:

R = ' ! PD (' + (' R)) : A resumption is a function that takes a state and returns a collection of elements that can be either a state or a pair (state, resumption). Intuitively, a program is interpreted as a possibly innite sequence of state transformations (cf. exercise 8.1.3) each state transformation in the sequence models an operation that the program can perform atomically on the memory.


196

Partial morphisms. In example 8.1.1 we have dened the monad of partial computations over Set. We show next that the monad of partial computations

can be derived in a systematic way from a general notion of partial morphism. We then apply this connection between partial morphisms and monads of partial computations to the categories of domains introduced in the previous chapters. It is standard to consider an equivalence class of monos on an object as a generalized notion of subset. A partial morphism from a to b can then be represented as a total morphism from a subset of a to b. In most interesting examples the domain of convergence of a partial morphism is not arbitrary. For instance it is open (as in Dcpo), recursively enumerable, etcetera. It is then reasonable to look for a corresponding categorical notion of admissible mono as specied by the following denition.

Denition 8.1.4 (admissible family of monos) An admissible family of monos M for a category C is a collection fM(a) j a 2 Cg such that: (1) If m 2 M(a) then m is a mono m : d ! a. (2) The identity on a is in M(a): ida 2 M(a). (3) M is closed under composition i.e. m1 : a ! b 2 M(b) m2 : b ! c 2 M(c) ) m2 m1 : a ! c 2 M(c) : (4) M is closed under pullbacks i.e.

m : d ! b 2 M(b) f : a ! b ) f 1 (m) 2 M(a) : ;

An admissible family of monos M on C enjoys properties which are su#cient for the construction of a related category of partial morphisms pC. 2 A representative for a partial morphism from a to b is a pair of morphisms in C, (m f ), where m : d ! a 2 M(a) determines the domain and f : d ! b the functional behavior. The category pC has the same objects as C and as morphisms equivalence classes of representatives of partial morphisms, namely:

pCa b] = fm f ] j m : d ! a 2 M(a) f : d ! bg where (m : d ! a f : d ! b) is equivalent to (m : d ! a f : d ! b) i there is an iso i : d ! d in C such that m i = m and f i = f . 0

0

0

0

0

0

0

To specify domain and codomain of a partial morphism, we write m f ] : a * b, and we write (m f ) : a * b for a representative. Given (C M) there is a canonical embedding functor, Emb : C ! pC, dened as: Emb (a) = a Emb (f ) = id f ] :

We refer to CO88, Mog88, RR88] for extended information on the origins and the development of the theory. The denition of pCCC can already be found in LM84]. 2


197

Denition 8.1.5 (lifting) Given a category enriched with a collection of admissible monos, say (C M) and an object a in C the lifting of a is dened as a partial morphism, open : (a) * a, such that (cf. denition 1.4.16): ?

8b 2 C8f : b * a 9!f : b ! (a) (f = open f ) : 0

0

?

(8.1)

The following theorem characterizes the lifting as the right adjoint of the embedding functor and shows that it induces a monad (cf. section 1.4).

Theorem 8.1.6 (1) The partial category (C M) has liftings i the embedding functor has a right adjoint. (2) The lifting functor induces a monad over C. Proof hint. If f : b * a then we dene f : b ! (a) according to condition 8.1. (1) ()) We dene a lifting functor, Lift : pC ! C, as: Lift (a) = (a) Lift (f ) = (f open a) where f : a * b : 0

?

0

?

Next we dene a natural iso:

: pC ] ! C Lift ] a b(f ) = f : 0

(() Given the natural iso , we dene: (a) = Lift (a) open a = 1(id(a)? ) : ;

?

(2) This is a mechanical construction of a monad out of an adjunction (cf. section B.8). We dene a = (ida) , and a = ((a)?)? a(open a open (a)? ). 2 0

Exercise 8.1.7 Find a notion of admissible mono in Set that generates the monad of partial computations de ned in the example 8.1.1(1).

The notion of partial cartesian closed category (pCCC) arises naturally when requiring closure under the partial function space.

Denition 8.1.8 (pCCC) Let M be an admissible collection of monos on the category C. The pair (C M) is a pCCC (partial cartesian closed category) if C is cartesian and for any pair of objects in C, say a b, there is a pair (pexp (a b) pev a b : pexp (a b) a * b) (pev for short) with the universal property that for any f : (c a) * b there exists a unique h : c ! pexp (a b) (denoted pa b c(f ), or p(f ) for short) such that pev (h ida ) = f .


198

In other words, for any object b there is a functor partial exponent on b, say b * : pC ! C, that is right adjoint to the product functor b : C ! pC:

pC b ] = C b * ] :

By instantiating this natural isomorphism, we obtain the following version of currying: a b * c = a ! (b * c). By virtue of this isomorphism we can safely confuse b * c with pCb c]. We remark that in any pCCC the lifting can be dened as (a) = 1 * a, with the morphism open = pev hid !i. Every pCCC has an object ', called dominance, that classies the admissible subobjects (in the same sense as the object of truth-values classies arbitrary subobjects in a topos). ?

Proposition 8.1.9 (dominance) In every pCCC the object ' = (1) = 1 * 1, called dominance, classies the admissible monos in the following sense, where > = p(!) : 1 ! ': 8a 8m 2 M(a) 9! : a ! ' such that (m !) is a pullback for ( >) (8.2) ?

Exercise 8.1.10 Given a partial category de ne an admissible subobject functor M( ) : Cop ! Set. Show that the classi er condition 8.2 can be reformulated by saying that there is a natural isomorphism between the functor M( ), and the hom-functor C ].

Exercise 8.1.11 Show that in a pCCC the following isomorphism holds: a ! = a * 1.

In order to practice these denitions, let us consider the familiar category of directed complete partial orders and continuous morphisms (Dcpo). In Dcpo we can choose as admissible monos (i.e. subobjects) the ones whose image is a Scott open. Then the dominance is represented by Sierpinski space O, the two points cpo. The dominance O classies the admissible monos because any Scott open U over the dcpo D determines a unique continuous morphism, f : D ! O such that f 1 (>) = U (this point was already discussed in section 1.2 and it will be fully developed in section 10.1). ;

Denition 8.1.12 Let Dcpo be the category of dcpo's and continuous morphisms. We consider the following class of monos in Dcpo: m : D ! E 2 MS i im(m) 2 S (E ) : We leave to the reader the simple proof of the following proposition.

Proposition 8.1.13 (1) The class MS is an admissible family of monos for the category Dcpo. (2) The related category of partial morphisms is a pCCC.

8.2. CALL-BY-VALUE AND PARTIAL MORPHISMS

199

We conclude by relating various categories of dcpo's. Let D E be dcpo's. A partial continuous morphism f : D * E is a partial morphism such that its domain of denition is a Scott open (Dom(f ) 2 S (D)) and its total restriction, f Dom(f ) : Dom(f ) ! E , is Scott continuous. We denote with pDcpo the category of dcpo's and partial continuous morphisms. Let D E be cpo's. Recall from denition 1.4.17 that a strict continuous morphism f : D ! E is a (Scott) continuous morphism such that f (?D ) = ?E . We denote with sCpo the category of cpo's and strict continuous morphisms. Exercise 8.1.14 (1) Calculate the dominance of (MS Dcpo). (2) De ne the equivalences among the category of partial morphisms generated by (MS Dcpo), the category sCpo, and the category pDcpo. j

8.2 Call-by-value and Partial Morphisms We apply the idea of distinguishing between total and divergent computations which is implicit in the monad of partial computations to the design of a variant of the language Pcf (see chapter 6). This gives us the opportunity to revisit the general problem of relating the interpretation of a programming language with the way the programming language is executed. We may start from the following question (reversing the historical evolution of the topic): for which kind of simply typed -calculus does a pCCC provide an adequate interpretation? A crucial point is that we follow a call-by-value evaluation discipline, hence in an application the evaluator has to diverge if the argument diverges. To be more precise, we have to x the rules of evaluation and observation. We stipulate the following: (1) The evaluator has to stop at -abstractions. (2) It is possible to observe the termination of a computation of a closed term at all types, equivalently one may say that programs have arbitrary, possibly functional, types. Contrast these design choices with the denition of the evaluator !op in chapter 6. There evaluation followed a call-by-name order and observation of termination was allowed only at ground types. As in chapter 6, we wish to relate operational and denotational semantics. The technical development of the adequacy proof goes through three main steps. (1) A language based on a xed point extension of the simply typed -calculus is introduced and a call-by-value evaluation of closed terms is dened. (2) A standard interpretation of the language in the pCCC pDcpo is specied. (3) A notion of adequacy relation is introduced which allows to relate closed terms and denotations. It is rst proved that the evaluation of a closed term converges to a canonical term i its denotation is a total morphism. As a corollary, a result of adequacy


200 ()

;`:1

x : ` M : (*I ) ; `;x : :M : * (Y )

(Asmp ) x; :`x2: ; (*E )

;`M :* ;`N : ; ` MN :

; ` M : (1 * ) * ; ` Y M : Figure 8.1: Typing rules for the call-by-value typed -calculus

of the interpretation with respect to a natural observational preorder is obtained. The related proof technique introduces a family of adequacy relations indexed over types that relate denotations and closed terms. These adequacy relations are a variant of the relations already dened in the adequacy proof for PCF (chapter 6). They combine ideas from the computability technique (a technique used for proofs of strong normalization, see theorems 3.5.20 and 11.5.18) with the inclusive predicates technique discussed in chapter 6.

Call-by-value Y -calculus. We consider a variant of the Y -calculus dened

in chapter 6 suited to the call-by-value viewpoint. Types and raw terms are dened by the following grammars. We distinguish a special type 1 which is inhabited by the constant . This type corresponds to the terminal object and it is used to dene a lifting operator, according to what can be done in every pCCC.

tv ::= t j s j : : : ::= 1 j tv j ( * ) v ::= x j y j : : : M ::= j v j (v : :M ) j (MM ) j (Y M ) : Contexts ; are dened as in chapter 4. Provable typing judgments are inductively dened in gure 8.1 (in the following we often omit the type label from the Y combinator). The types of the Y clause may seem a bit puzzling at a rst glance. One can give a semantic justication by recalling that in a pCCC we dene the lifting as (a) = (1 * a), on the other hand the partial function space, say *, relates to the total function space, say !, as a * b = a ! (b) . So (1 * ) * is the \same" as (() ! () ) and the implicit type we give to Y is (() ! () ) ! () , Type Variables Types Term Variables Terms

?

?

?

?

?

?

?

8.2. CALL-BY-VALUE AND PARTIAL MORPHISMS ()

201

7!

(*I )

x : :M 7! x : :M N 7! C M C =x] 7! C (*E ) M 7! x : :M MN 7! C M ( x : 1 :Y M ) 7! C (x fresh) (Y ) Y M 7! C 0

0

0

0

Figure 8.2: Evaluation rules for the call-by-value typed -calculus that is the usual type of a xed-point combinator over () . One good reason to restrict recursion to lifted objects is that these objects do have a least element! A continuous function over a directed complete partial order without a least element does not need to have a x-point. ?

Evaluation. In chapter 6 we have dened the reduction relation as the reexive, transitive closure of a one-step reduction relation !op. In the following we

follow a dierent style of presentation in which evaluation is presented as a relation between programs, i.e. closed terms, and canonical forms. In the case considered here, the canonical forms are the closed, well-typed terms C C : : : that are generated by the following grammar (other examples of denition of the evaluation relation can be found in section 8.3): 0

C ::= j (v : :M ) : The evaluation relation 7! relates closed terms and canonical forms of the same type. Its denition is displayed in gure 8.2. We write M # if 9C (M 7! C ). Note that the denition of the relation 7! gives directly a deterministic procedure to reduce, if possible, a closed term to a canonical form. In particular, canonical forms evaluate to themselves.

Interpretation. In order to dene an interpretation of our call-by-value -

calculus we concentrate on the category of directed complete partial orders and partial continuous morphisms. Then, as usual, there is a least xed point operator over lifted objects that is calculated as the lub of an inductively dened chain. Let Dcpo be the collection of dcpo's. We give a type interpretation that


202 () (Asmp ) (*I ) (*E ) (Y )

; ` : 1]] (x1 : 1) : : : (xn : n) ` xi : i] ; ` x : :M : * ] ; ` MN : ] ; ` Y M : ]

=! ;]] = n i = p(; x : ` M : ] ) = pev

h ; ` M : * ] ; ` N : ] i W = n
Figure 8.3: Interpretation of the call-by-value -calculus in pDcpo depends on an assignment : tv ! Dcpo as follows: 1]] =1 (the terminal object) t] = (t) * ] = ] * ] (the partial exponent) : The interpretation of a judgment (x1 : 1) : : : (xn : n) ` M : is a partial morphism of type: 1]] 1] n] * ] ( associates to the left) as dened in gure 8.3. If ` M : , that is the term is closed, then the interpretation f 2 1 * ] is either a divergent morphism or a point in ] . We write f * in the rst case and f + in the second case. We also write M + if M ] +, and we denote with ? the diverging morphism. In (), ! ;]] is the unique total morphism into 1. In (*E ), the operation h i is a partial pairing, that is it is dened only if its arguments are both dened. In (Y ), let g be ; ` M : (1 * ) * ] , f (0) be the divergent morphism, and f (n + 1) = pev hg id f (n)i. The morphism id : a * pexp (1 a) is uniquely determined by the identity over a, and the morphism open a : pexp (1 a) * a. As in chapter 4 we can proceed by induction on the size of the typing proof to establish the following properties of substitution.

Lemma 8.2.1 (substitution) If ; x : ` M : , and ; ` C : then (1) ; ` M N=x] : . (2) ; ` M N=x] : ] = ; x : ` M : ] hid ; ` C : ] i. Adequacy. We want to prove that given a well typed closed term M , M # i M +. It is easy to show that if M # then M + as the interpretation is invariant

under evaluation and the interpretation of a canonical form is a total morphism. In the other direction the naive attempt of proving (M + ) M #) by induction on the typing of M does not work. Therefore, we associate to every type an

8.2. CALL-BY-VALUE AND PARTIAL MORPHISMS

203

adequacy relation R relating denotations and closed terms of type (cf. chapter 6). Adequacy relations enjoy the property (f R M and f +) ) M # moreover they enjoy additional properties so that a proof by induction on the typing can go through.

Denition 8.2.2 (adequacy relation) A relation S 1 * ] o is an

adequacy relation of type if it satises the following conditions: (C:1) (fSM and f +) ) M # (C:2) (fSM and M 7! C and M 7! C ) ) fSM (C:3) ?SM for any M 2 o (C:4) (ffngn
0

adequacy relations.

Denition 8.2.4 Given an assignment : tv ! St tv ARt, such that (t) 2 ARt for any t, we associate to every type a relation R 1 * ] o as follows: R1 = f(f M ) j f * or (f + and M #)g Rt = (t) R = f(f M ) j (f + ) M #) and 8d N (d R N ) (pev hf di) R MN )g : 2

!


204

Proposition 8.2.5 The relation R is an adequacy relation of type , for any

type .

Proof. We proceed by induction on the structure of . 1 By denition of R.

t By denition of . * We verify the four conditions. (C.1) By denition of R* . (C.2) Suppose (fR* M and M 7! C and M 7! C ). First observe: 0

(M 7! C and M 7! C and MN 7! C ) implies M N 7! C 0

0

0

0

(8.3)

The interesting case arises if pev hf di +. Then we have to show: pev hf diR MN implies pev hf di R M N 0

that follows by induction hypothesis on and property 8.3. (C.3) ?R* M because pev h? di = ?, and d R N implies, by induction hypothesis on , ?R MN . (C.4) pev hWn
Theorem 8.2.6 If ; ` M : , ; (x1 : 1) : : : (xn : n), and di R Ci, i = 1 : : : n then (; ` M : ] hd1 : : : dn i) R M C1=x1 : : : Cn=xn ]. Proof. By induction on the length of the typing judgment. We adopt the following abbreviations: hd1 : : : dn i d~ and C1=x1 : : : Cn =xn] C~ =~x]. () (; ` : 1]] d~) R1 , by denition of R1. (Asmp ) di Ri Ci , by assumption. (*I ) We show (p(; x : ` M : ] ) d~) R* (x : :M C~ =~x]). The rst condition that denes R* follows by the fact that x : :M C~ =~x] #. For the second suppose d R N , N 7! C , and the application is dened, then by inductive hypothesis we have:

(; x : ` M : ] hd~ di) R M C~ =~x]C=x] : We observe: (1) pev hp(; x : ` M : ] ) d~ di = (; x : ` M : ] ) hd~ di. (2) M C~ =~x]C=x] 7! C implies (x : :M C~ =~x])N 7! C (3) Hence by condition (C.2) follows: (pev hp(; x : ` M : ] ) d~ di) R (x : :M C~ =~x])N : 0

0

8.3. ENVIRONMENT MACHINES

205

(*E ) We show (pev h ; ` M : * ] ; ` N : ] i d~) R (MN )C~ =~x]. By induction hypothesis (; ` M : * ] d~) R* M C~ =~x] and (; ` N : ] d~) R N C~ =~x]. The result follows by the denition of R* . (Y) We show (Wn
Corollary 8.2.7 (1) If ` M : then M + implies M #. (2) If ; ` M : , ; ` N : , and ; ` M : ] ; ` N : ] then in any context C such that ` C M ] : and ` C N ] : we have C M ] # implies C N ] #. Proof. (1) We apply the theorem 8.2.6 in the case the context is empty. (2) We prove by induction on the structure of a context C that for any M N such that ` C M ] : and ` C N ] : , ; ` M : ] ; ` N : ] ) ` C M ] : ] ` C N ] : ] : Next apply the adequacy theorem to show C M ] # ) C M ] + ) C N ] + ) C N ] #. 2

8.3 Environment Machines The e#cient reduction of -terms is an important research topic (see, e.g., PJ87]). A central problem is the implementation of the substitution operation. In calculus theory substitution is considered as a meta-operation whose denition involves renaming of bound variables and a complete visit of the term in which the substitution is carried on. In implementations, it is tempting to distribute the price of substitution along the computation. The idea is to record the substitution in a suitable data structure, the environment, which is kept on the side during the evaluation. The environment is accessed whenever the actual \value" of a variable is needed.

The weak -calculus. Based on this idea we present a class of machines known

as environment machines which are related to the Categorical Abstract Machine mentioned in section 4.3 (see Cur91] for the exact connection). We concentrate on the implementation of the weak -calculus, a -calculus in which reduction cannot occur under 's. Terms are dened as usual, we omit types since they are


206 ( ) ()

(x:M )N ! M N=x]

M !M MN ! M N

( )

0 0

N !N MN ! MN 0

0

Figure 8.4: Reduction rules for the weak -calculus

(x:M )V !v M V=x]

M !v M MN !v M N 0

0

N !v N V N !v V N 0

0

Figure 8.5: Call-by-value reduction strategy not relevant to our discussion. The rules for weak reduction are shown in gure 8.4. Note that the reduction relation ! generated by these rules is not conuent. For instance consider (y:x:y)(II ), where I is z:z. This term can be reduced to two distinct normal forms: x:II and x:I . Call-by-name and call-by-value are two popular reduction strategies for the weak reduction. In the call-by-name strategy rule ( ) is omitted. We denote the resulting reduction relation with !n. By denition, a value V is a term which begins with a -abstraction. The call-by-value reduction strategy is presented in gure 8.5.

Exercise 8.3.1 Formalize a call-by-name version of the typed -calculus de ned in

section 8.2. De ne a translation of call-by-name in call-by-value according to the type translation ! = (1 * ) * , where ! is the exponentiation operator for the call-by-name calculus.

In the study of abstract machines implementing a given strategy, one is often interested in the evaluation relation that we conventionally denote with 7!, in order to distinguish it from the reduction relation (an example of evaluation relation was given in gure 8.2). The evaluation relation relates terms to values (or canonical forms). The evaluation relations 7!n and 7!v for call-by-name and call-by-value, respectively, are shown in gure 8.6.

8.3. ENVIRONMENT MACHINES

207

V 7!n V

M 7!n x:M M N=x] 7!n V MN 7!n V

V 7!v V

M 7!v x:M N 7!v V M V =x] 7!v V MN 7!v V

0

0

0

0

0

0

Figure 8.6: Evaluation relation for call-by-name and call-by-value

xe] ! e(x)

M e] ! ! (x:P )e ] MN e] ! P e N e]=x]] 0

0

e(x) ! c M e] ! M ec=x]]

Figure 8.7: Weak reduction for the calculus of closures

Exercise 8.3.2 Let s stand for n or v. Show that: (i) 7!s !s , and (ii) the relations

7!s and !s are incomparable with respect to the inclusion relation.

A weak calculus of closures. Next we formalize the idea of environment. To

this end we dene a calculus of closures which are pairs of -terms and environments. Environments and closures are mutually dened as follows: An environment is a partial morphism e : Var * Closures where Dom(e) is nite (in particular the always undened morphism is an environment), and Closures is the set of closures. A closure c is a term M e] where M is a term and e is an environment. In general we evaluate closures M e] such that FV (M ) Dom(e). The evaluation rules for weak reduction are displayed in gure 8.7. In the second rule, M e] can be already of the form (x:P )e ]. Observe that the schematic formulation of this rule is needed in order to keep environments at top level. Environments can be regarded as a technical device to x the non-conuence of the weak -calculus. Indeed it is shown in Cur91] that the relation ! is conuent on closures. Next we formalize the evaluation relations for the call-byname and call-by-value strategies. By denition, a value v is a closure (x:M )e]. The rules are shown in gure 8.8. 0


208

e(x) 7!n v xe] 7!n v

M e] 7!n x:M e ] M e N=x]] 7!n v MN e] 7!n v

e(x) 7!v v xe] 7!v v

M e] 7!v x:M e ] N e] 7!v v M e v =x]] 7!n v MN e] 7!n v

0

0

0

0

0

0

0

0

0

0

Figure 8.8: Evaluation rules for call-by-name and call-by-value

(xe] s) ! (e(x) s) (MN e] s) ! (M e] N e] : s) (x:M e] c : s) ! (M ec=x]] s) Figure 8.9: Environment machine for call-by-name

Abstract machines. The evaluation rules described in gure 8.8 are pretty

close to the denition of an interpreter. What is still needed is a data structure which keeps track of the terms to be evaluated or waiting for their arguments to be evaluated. Not surprisingly, a stack su#ces to this end. In the call-byname strategy, we visit the term in a leftmost outermost order looking for a redex. During this visit the terms that appear as arguments in an application are piled up with their environment in the stack. Therefore the stack s can be regarded as a possibly empty list of closures that we denote with c1 : : : : : cn. The related environment machine is described in gure 8.9 as a rewriting system on pairs (M e] s) of closures and stacks (this formulation is due to Krivine). At the beginning of the evaluation the stack is empty. In the call-by-value strategy, we need to know if what is on the top of the stack is a function or an argument. For this reason, we insert in the stack markers l for left and r for right that specify if the next closure on the stack is the left or right argument of the evaluation function. Therefore a stack is dened as a possibly empty list of markers m 2 fl rg and closures: m1 : c1 : : : :mn : cn. The related environment machine is described in gure 8.10.

8.4. A FA MODEL FOR A PARALLEL -CALCULUS (xe] s) (MN e]:s) (v r : c : s) (v l : x:M e] : s)

209

! (e(x) s) ! (M e] r : N e] : s) ! (c l : v : s) ! (M ev=x]] s)

Figure 8.10: Environment machine for call-by-value

8.4 A FA Model for a Parallel -calculus We build a lter model for an untyped, call-by-value -calculus adapting the techniques already introduced in chapter 3. Following Bou94] we show that this model is fully abstract when the calculus is enriched with a join operator (t) allowing for the parallel evaluation of -terms. Evaluation converges as soon as one of the terms converges. The join operator fails to be sequential in the sense described in section 2.4 and so one can show that it cannot be dened in the pure -calculus. Indeed it can be shown that in the calculus extended with the join operator every compact element of a canonical model based on Scott continuity is denable (i.e. it is the interpretation of a closed term of the -calculus, a similar result was stated in chapter 6 for Pcf enriched with a parallel or). This result entails the full abstraction of the model. t

The -calculus. We introduce a call-by-value, untyped -calculus enriched with a join operator t and construct a model for it as the collection of lters over t

a specically tailored eats (cf. denition 3.3.1). The language of terms is dened as follows: v ::= x j y j : : : M ::= v j v:M j MM j M t M : Canonical forms are the closed terms generated by the following grammar: C ::= v:M j C t M j M t C : Finally, the evaluation relation is dened inductively on closed terms as shown in gure 8.11. As usual we write M # if 9C (M 7! C ). Exercise 8.4.1 Observe that a term may reduce to more than one canonical form.

Consider the reduction relation naturally associated to the evaluation relation de ned in gure 8.11. Observe that this relation is not conuent, e.g. ( x: y:x)(II t II ) 7! y:(I t I ) and ( x: y:x)(II t II ) 7! y:(II t I ). This is a typical problem of weak -calculi (cf. section 8.3). De ne a suitable calculus of closures (where environments are evaluated) and show its conuence (a solution is described in Bou94]).


210

M 7! x:M N 7! C M C =x] 7! C MN 7! C 0

0

0

0

M 7! M1 t M2 M1N t M2N 7! C MN 7! C C 7! C

M 7! C M t N 7! C t N

N 7! C M t N 7! M t C

M 7! C N 7! C M t N 7! C t C

0 0

Figure 8.11: Evaluation relation for the -calculus t

We have already proved in section 8.2 the adequacy of a model for a call-byvalue -calculus in which the function space is composed of the partial continuous functions. In the following, we build a lter model over an eats for call-by-value, which is a solution of the equation D = D * D. 3 More precisely we work with total morphisms and build the initial solution of the equation D = D ! (D) in the category of algebraic complete lattices and injection-projection pairs (this solution exists by the techniques presented in chapter 3 and generalized in chapter 7). 4 In a lattice the t operator can be simply interpreted as the lub. In the denition of eats for call-by-value we have to axiomatize the strict behaviour of the * operator. ?

Denition 8.4.2 (v-eats) An eats for call-by-value (v-eats) is a preorder having all nite glb's and enriched with a binary operation * which satises the following properties (as usual ! denotes a top element):

(1) * * 0

0

0

(2) * ( ^ ) ( * ) ^ ( * ) 0

0

0

(3) * ! ! * ! (4) ( ^ (! * !)) * * : Rule (1) and Inequality (2) are inherited from the eats axiomatization. Inequality (3) says that ! * ! is the largest dened element. The inequality ! * ! In op. cit. similar results are obtained for call-by-name, in this case one works with the equation D = (D ! D)? . 4 Following Boudol, an equivalent presentation of the domain D is as the initial solution of the system of domain equations D = (V )? , and V = V ! D. 3

8.4. A FA MODEL FOR A PARALLEL -CALCULUS

211

states that is a value, this is used in the *-elimination rule in gure 8.12. Inequality (4) states that functions are strict, in other terms the behaviour on undened elements is irrelevant, for instance we can derive ! * = (! * !) * . Given a v-eats S , consider the collection of lters F (S ) ordered by inclusion. We write x + if ! * ! 2 x and x * otherwise. We dene a strict application operation as follows.

Denition 8.4.3 (strict application) Given a v-eats S and x y 2 F (S ) dene ( x + and y + xv y = f"!j * 2 x 2 yg ifotherwise : Denition 8.4.4 (representable function) Let S be a v-eats. A strict function f over F (S ) is representable if 9x 8y (f (y) = xv y). Proposition 8.4.5 Let S be a v-eats. Then: (1) F (S ) is an algebraic complete

lattice. (2) The strict application operation is well-dened and continuous in both arguments. In particular every representable function is strict continuous.

Proof hint. (1) Follow the corresponding proof in proposition 3.3.10. (2) 2

Simple verication.

Proposition 8.4.6 Let T be the smallest theory including an element ! and

satisfying the conditions in denition 8.4.2 (cf. denition 3.3.4). Then every strict continuous function over F (T ) is representable.

Proof hint. First show that in the initial v-eats î I i * i * implies ^ i i , where i ! * !. Then the proof follows the schema presented 2

2

in proposition 3.3.18.

Exercise 8.4.7 Show that if T is de ned as in proposition 8.4.6 then F (T ) is isomor-

phic to the initial solution of the equation D = D ! (D) in the category of algebraic complete lattices and embedding projections pairs. ?

Denition 8.4.8 (interpretation) Let S be a v-eats. We dene an interpretation function ] : -term ! (Env ! F (S )), where Env = V ar ! F (S ) t

with generic element . When interpreting a closed term we omit writing the environment as it is irrelevant. As usual if x S then x denotes the least lter containing x.

x]

= (x)

MN ]

= M ] v N ]

x:M ] = f * j 2 M ] " =x]g M t N ] = M ] N ] :


212

x:2; ;`x: ; x : ` M : ; ` x:M : * ;`M : ;`N : ;`M tN :^ ;`M : ;`M : ;`M :^

;`M :! ;`M :* ;`N : !*! ; ` MN : ;`M : ;`M :

Figure 8.12: Typing rules for the -calculus t

Next we dene a typing system that allows to compute the interpretation, in the sense that the interpretation of a term is the collection of types that we can assign to it. Types : : : are elements of a v-eats. Contexts ; are dened as usual. The typing system is displayed in gure 8.12. An environment is compatible with a context ; if x : 2 ; implies 2 (x). In this case we write ; " .

Proposition 8.4.9 For any term of the -calculus the following holds: M ] = f j ; ` M : ; " g : Proof. ": By induction on the length of the derivation we prove that: 8 8; " (; ` M : ) 2 M ] ) : : First we observe a weakening property of the typing system (cf. lemma 3.5.5): if ; x : ` M : then ; x : ^ ` M : (8.4) t

0

Second, we note that for any environment , the following set is a lter:

f j 9; (; " and ; ` M : )g

(8.5)

By induction on the structure of M we show that for all , n 0:

2 M ] " 1=x1 : : : " n =xn] ) 9; (; " and ; x1 : 1 : : : xn : n ` M : ) : Let us consider the case x:M . Fix an environment . By 8.5 it is enough to show that 2 M ] " =x] implies ; ` x:M : * , for some ;. By induction hypothesis, ; x : ` M : , and we conclude by *-introduction. 2

8.4. A FA MODEL FOR A PARALLEL -CALCULUS

213

Full abstraction. We outline the proofs of adequacy and full abstraction of the -calculus with respect to the lter model built on the initial v-eats. The adequacy proof follows a familiar technique already discussed in section 8.2. We start by specifying when a closed term realizes a type. t

Denition 8.4.10 We dene a family of relations R over closed terms as follows: R! = o (all closed terms) R = R \ R R* = fM j M # and 8N 2 R (N # ) MN 2 R )g : t

^

We write j= M : if M 2 R and x1 : 1 : : : xn : n j= M : if for all Ni such that Ni # and j= Ni : i (i = 1 : : : n) we have j= M N1=x1 : : : Nn =xn] : .

Proposition 8.4.11 If ; ` M : then ; j= M : . Proof hint. We prove by induction on that: (1) (x:M )N Q~ 2 R i M N=x]Q~ 2 R whenever N Q~ #, and (2) (M t N )P~ 2 R i (M P~ t N P~ ) 2 R . Moreover, we verify that implies R R by induction on the derivation of . Finally, we prove the statement by induction on the length of the

2

typing proof.

Corollary 8.4.12 For any closed -term M , M # i M ] + i ` M : ! * !. t

Proof. We prove that M 7! C implies M ] = C ] by induction on the length

of the proof of the evaluation judgment. We observe that for any canonical form C , ` C : ! * !, and that R!*! is the collection of convergent (closed) terms. 2 This concludes the kernel of the adequacy proof. The full abstraction proof relies on the denability of the compact elements of the model. To this end, we inductively dene closed terms M of type , and auxiliary terms T , for ! * !, in gure 8.13.

Exercise 8.4.13 The de nitions in gure 8.13 are modulo equality, where = if

and . Check that we associate a term to every type, and that equal types are mapped to the same term.

Theorem 8.4.14 For all types such that ! * ! the following holds: ( 2x M] =" T ] v x = "I!] ifotherwise :


214

M! M M* T!*! T T* ^

^

= = M t M = x:(Tx)M ( ! * !) = f:I = f:(Tf )(T f ) ( ! * !) = f:T (fM ) ( ! * !)

Figure 8.13: Dening compact elements

Proof. By induction on . We just consider two cases. Case M* . We check: 2 (T] " ) " ) * * : Case M . We use " " =" ( ^ ). 2 0

0

0

0

^

We have derived the adequacy of the interpretation from the soundness of the typing system with respect to the realizability interpretation (proposition 8.4.11). Symmetrically, the full abstraction result will be obtained from a completeness property of the typing system (which follows from the denability theorem 8.4.14).

Denition 8.4.15 Let M N be closed terms. A logical preorder M L N is dened as: 8 (j= M : ) j= N : ). Corollary 8.4.16 Let M N be closed terms. If M L N then M ] N ] . Proof. It is enough to show j= M : implies ` M : by induction on . Let us consider the case for = * . From ` M : we derive j= M : , by proposition 8.4.11. Without loss of generality we assume ! * !. Then M #. It follows j= MM : . By induction hypothesis ` MM : . We conclude 0

0

0

0

by the following chain of implications:

` MM : ) 2 M ] " ) * 2 M] ) ` M : * ) ` M : * : 0

0

0

0

2

This result virtually concludes the full abstraction proof. It just remains to formally dene an operational preorder and to verify that it coincides with the preorder induced by the model.

8.5. CONTROL OPERATORS AND CPS TRANSLATION

215

Denition 8.4.17 An applicative simulation S is a binary relation on closed terms such that whenever MSN : (1) M # implies N #, and (2) for all P , P # implies (MP ) S (NP ). Let sim be the largest applicative simulation. Proposition 8.4.18 Let M N be closed terms. If M ] N ] then M sim N . Proof. It follows from the observation that f(M N ) j M ] N ] g is a simula2

tion.

Proposition 8.4.19 If M sim N then M L N . Proof. We suppose M sim N . We prove by induction on that j= M : implies j= N : . 2

Corollary 8.4.20 Let M N be closed terms. Then M ] N ] i M sim N i M L N . Proof. By corollary 8.4.16 and propositions 8.4.18, 8.4.19.

2

Exercise 8.4.21 (1) Let M N be closed -terms. De ne: t

M apl N i 8P1 : : : Pn(MP1 : : :Pn # ) NP1 : : :Pn #) : Show that M apl N i M sim N . (2) Let M N be arbitrary terms. De ne:

M op N i 8C such that C M ] C N ] are closed (C M ] # ) C N ] #) : Show that for M N closed, M op N i M apl N (this is called context lemma in the context of the full abstraction problem for Pcf, cf. chapter 6).

8.5 Control Operators and Cps Translation Most programming languages whose basic kernel is based on typed -calculus, also include control operators such as exceptions or call-with-current-continuation (see for instance Scheme or ML). In the following we show how to type certain control operators and how to give them an adequate functional interpretation. As already hinted in example 8.1.1, the monad of continuations is a useful technical device to approach these problems.

216


A -calculus with control operators. As in section 8.2, we consider a simply

typed call-by-value -calculus. This language is enriched with a ground type num , numerals 0 1 : : :, and two unary combinators: C for control and A for abort. Formally we have: Types: ::= num j ( * ) Terms: v ::= x j y j : : : M ::= n j x j v : :M j MM j C M j AM : We briey refer to the related calculus as the -calculus. In order to formalize the behaviour of the control operators C and A it is useful to introduce the notion of (call-by-value) evaluation context E (cf. FFKD87]): C

E ::= ] j EM j (x : :M )E : Note that an evaluation context is a context with exactly one hole which is not in the scope of a lambda abstraction. Using evaluation contexts one can provide yet another presentation of the reduction relation. First, we dene a collection V of values as follows: V ::= n j v : :M : If we forget about type labels the one step reduction relation on terms is dened as follows: ( v ) E (x:M )V ] ! E M V=x]] (C ) E C M ] ! M (x:AE x]) x 2= FV (E ) (A) E AM ] !M : We can now provide a syntactic intuition for what a continuation for a given term is, and for what is special about a control operator. A redex $ is dened as follows: $ ::= (v:M )V j C M j AM : Given a term M E $], the current continuation is the abstraction of the evaluation context, that is x:E x]. We will see later that there is at most one decomposition of a term into an evaluation context E and a redex $. A control operator is a combinator which can manipulate directly the current continuation. In particular the operator A disregards the current continuation and starts the execution of its argument, while the operator C applies the argument to x:AE x], when x:E x] is the current continuation. We illustrate by an example the role of control operators in functional programming. We want to write a function F : Tree(num ) * num where Tree(num ) is a given type of binary trees whose nodes are labelled by natural numbers. The function F has to return the product of the labels of the tree nodes, but if it nds that a node has label 0, in this case it has to return zero in a constant number of steps of reduction. Intuitively the termination time has to be independent from


217

(A) ; ` M : num where : * num : (C ) ;;``MC M: :: : ; ` AM : num ( v ) E (x : :M )V ] ! E M V=x]] (C ) E C M ] ! M (x : :AE x]) where C M : (A) E AM ] !M Figure 8.14: Typing control operators and reduction rules the size of the current stack of recursive calls. There is a simple realization of this specication that just relies on the abort operator A (more involved examples can be found in HF87]):

let F (t) = F (x:Ax)t where F = k:Y (f:t : if empty (t ) then 0 else if val (t ) = 0 then k0 else val (t ) f (left (t )) f (right (t ))) : 0

0

0

0

0

0

0

0

At the beginning of the computation we have F (t) ! F x:Ax=k]. If at some point the exceptional branch \if val (t ) = 0 : : :" is selected then the following computation is derived, in some evaluation context E : 0

0

E (x:Ax)0] ! E A0] ! 0 : By applying a Cps translation (to be dened next) it is possible to obtain a purely functional program with a similar behaviour. This is an interesting result which nds applications in compilers' design App92]. On the other hand, one should not conclude that we can forget about control operators. Cps translations tend to be unreadable, and programming directly in Cps style is a tricky business. In practice, control operators are directly available as primitives in functional languages such as ML and Scheme. We refer to FFKD87] for a syntactic analysis of a -calculus with control operators.

Typing control operators. It is possible to type the operators C and A coher-

ently with the reduction rules as shown in gure 8.14 (this typing naturally arises in proving subject reduction, cf. proposition 8.5.2). A program is a closed term of type num . The reduction rules ( v ), (C ), (A) dene a deterministic procedure to reduce programs. In the following a subscript C indicates that we refer to the full -calculus. C


218

Proposition 8.5.1 (unique decomposition) Suppose ` M : . Then either C

M is a value or there is a unique evaluation context E and redex $ such that M E $].

Proof. By induction on the structure of M . The only interesting case is when M M M . Then M is not a value, ` M : * , and ` M : , for some (note that we cannot type A, and C alone). M is a value. Then M x : :M1. If M is a value take E ] and $ (x : :M1)M . Otherwise, if M is not a value then, by inductive hypothesis, there are E1, $1 such that M E1$1]. Then take E M E1 and $ $1. M is not a value. Then, by inductive hypothesis, there are E1, $1 such that M E1$1]. Then take E E1M and $ $1. 2 0

00

0

C

0

C

0

00

00

00

00

00

0

0

0

00

Proposition 8.5.2 (subject reduction) If ` M : num and M ! N then ` N : num. C

C

C

Proof. Suppose there are E $ such that M E $]. There are three cases to

consider according to the shape of the redex. $ (x : :M )V . This requires a simple form of the substitution lemma. We observe that x : ` M : and ` V : implies ` M V=x] : . $ C M . Suppose ` C M : . Then ` M : :: and x : ` E x] : num . Hence x : ` AE x] : num , which implies ` x : :AE x] : :, and nally ` M (x : :AE x]) : num . $ AM . ` AM : num forces ` M : num . Also by denition of program ` E AM ] : num . 2 The previous propositions show that the rules ( V ), (C ), (A) when applied to a program dene a deterministic evaluation strategy which preserves the welltyping. C

C

C

C

C

C

C

C

C

C

C

C

Remark 8.5.3 One may consider other control operators. A popular one is the

call-with-current continuation operator (callcc). The typing and reduction rule for the callcc operators can be formalized as follows:

; k : : ` M : E callcc(k:M )] ! (k:kM )(x:AE x]) : ; ` callcc(k:M ) :

Exercise 8.5.4 (1) Find a simulation of the callcc operator using the C operator. (2) Evaluate the expression C ( k:( x:n)(km)) following a call-by-value and a call-by-name order.

8.5. CONTROL OPERATORS AND CPS TRANSLATION x = k:kx = k:kn n x:M = k:k(x:M )

219

MN = k:M (m:N (n:mnk)) C M = k:M (m:m(z:d:kz)x:x) AM = k:M (x:x)

Figure 8.15: Cps translation

Cps translation. Next we describe an interpretation of the -calculus into C

the -calculus without control operators. We begin with a translation of types. C

num = num * = * :: :

The interpretation of the arrow follows the monadic view where we take num as the type of results. From another point of view observe that replacing num with ? one obtains a fragment of the double-negation translation from intuitionistic to classical logic. The rule for typing the C operator can then be seen as stating the involutive behaviour of classical negation. Note that the translation involves both types/formulas and terms/proofs. Indeed a variant of the translation considered here was used by Friedman to extract algorithmic content from a certain class of proofs in (classical) Peano arithmetic (see Fri78, Gri90, Mur91] for elaborations over this point). We associate to a term M a term M without control operators so that:

x1 : 1 : : : xn : n ` M : implies x1 : 1 : : : xn : n ` M : :: : C

The denition is presented in gure 8.15 (we omit types). This is known as Continuation Passing Style translation. Before giving the explicit typing of the translation we recall three basic combinators of the continuation monad. M : (M ) = k : : :kM : :: M : * ::M = k : :: :h : : :k(x : num :h(Mx)) M : :::: (M ) = k : : :M (h : :: :hk) : :: : The explicitly typed Cps translation is given in gure 8.16. It is now a matter of verication to prove the following, where conventionally ; x : ; x : .

Proposition 8.5.5 (typing Cps translation) With reference to the translation in gure 8.15, if ; ` M : then ; ` M : :: . C

C


220

= k : : :kx : :: if x : = k : :num :kn : ::num = k : : * :k(x : :M ) : :: * = k : : :M (m : * :N (n : :mnk)) : :: = k : : :M (m : :: :m(z : :d : :num :kz)x : num :x) : :: = k : :num :M (x : num :x) : ::num

x n x : :M MN CM AM

Figure 8.16: Typing the Cps translation

Exercise 8.5.6 There are many possible Cps translations which from a logical view

point correspond to dierent ways to map a proof in classical logic into a proof in constructive logic. In particular verify that, consistently with the proposed typing, one can give the following translation of application:

MN = k : ::N ( n : :M ( m : * :mnk)) :

The main problem is to show that the Cps translation adequately represents the intended behavior of the control operators. Suppose ` M : num , the desired result reads as follows: M ! n i M id ! n: The di#culty in proving this result consists in relating reductions of M and M id . Example 8.5.7 It is not the case that for a provable judgment ` M : num, M ! N implies M id ! N id. Consider for instance (x:x)(An) ! n. Note (x:x)(An) ! k:n, whereas n = k:kn. C

C

C

C

An optimized translation. Given a term M , a new translation hM i k:M :k

is dened with the following relevant properties: (1) M ! hM i (2) if M : num and M ! N then M :id ! N :id . This optimized translation is instrumental to the proof of the adequacy of the Cps translation (cf. following theorem 8.5.14). We limit our attention to the fragment of the calculus without control operators. An extension of the results to the full calculus is possible but it would require a rather long detour (see DF92]). The translation considered here, also known as colon translation (cf. Plo75]) performs a more careful analysis of the term, the result is that a certain number of redexes can be statically reduced. By this, we can keep term and Cps-translation in lockstep, hence avoiding the problem presented in example 8.5.7.


221

Denition 8.5.8 We dene a -translation on values. Expected typing: if V : then (V ) : .

(n) = n (x : :M ) = x : :M :

Lemma 8.5.9 For any V , M (V )=x] M V=x]. We associate to every evaluation context E a well-typed closed term (E ) as follows: ( ]) = x:x (E ]N ]) = m:N (n:mn(E )) (E V ]]) = n:(V )n(E ) : Let K be the image of the function with generic element K .

Denition 8.5.10 We dene a semi-colon translation on pairs M :K , where M is closed and K 2 K. Expected typing: if M : and K : : then M :K : num (note the double use of \:").

V :K V1V2:K V1N :K MN :K

= K(V ) = (V1)(V2)K = N :n:(V1)nK = M :m:N (n:mnK ) :

We observe that if ; ` M : then ; ` hM i : ::. Next we prove three technical lemmas that relate the standard and optimized Cps translations.

Lemma 8.5.11 If ` M : , K 2 K, and ` K : : then MK !+ M :K . Proof. By induction on M and case analysis of the semi-colon translation. For instance let us consider:

MNK = (k:M (m:N (n:mnk)))K : By induction hypothesis on M , MNK !+ M :m:N (n:mnK ) = MN :K .

2

Lemma 8.5.12 If ` M : and M is not a value then E M ]:(E ) M :(E E ]) : Proof. By induction on E . For instance let us consider E E1 ]N ]. By 0

0

induction hypothesis on E1: E1M ]N ]:(E ) M ]N :(E E1 ]]) M :m:N (n:mn(E E1 ]])) M :(E E1 ]N ]]) : 0

0

0

0

2


222

Lemma 8.5.13 If ` V : and ` (E ) : : then V :(E ) ! E V ]:id.

Proof. By induction on the structure of E .

If E V ] is a value then E ]. Otherwise we distinguish three cases: (1) E E1 ]N ], N not a value, (2) E E1 ]V1], and (3) E E1V1 ]]. For instance let us consider case (1): V :(E1 ]N ]) V :m:N (n:mn(E1 ])) (m:N (n:mn(E1 ])))(V ) ! N (n:(V )n(E1 ])) !+ N :n:(V )n(E1 ])) (by lemma 8.5.11) V N :(E1 ]) E1V N ]:id (by lemma 8.5.12) E V ]:id : 2

Theorem 8.5.14 (adequacy Cps-translation) Suppose ` M : num, where M does not contain control operators. Then M ! n i M id ! n . C

Proof. ()) Suppose M ! n. By lemma 8.5.11: M id ! M :id . We show M ! M implies M :id !+ M :id . E (x:M )V ]:id (x:M )V :(E ) (by lemma 8.5.12) (x:M )(V )(E ) ! M V=x](E ) (by lemma 8.5.9) + (! M V=x]:(E ) (by lemma 8.5.11) ! E V=x]M ]:id if V=x]M is a value (by lemma 8.5.13) E V=x]M ]:id otherwise (by lemma 8.5.12) :

0

0

(() By strong normalization of -reduction, M ! m for some numeral m, hence by ()) M id ! m. On the other hand, by hypothesis M id ! n, and by conuence n = m. 2

Exercise 8.5.15 Given a program M show that when following a call-by-name evalu-

ation of M :id all redexes are actually call-by-value redexes, that is the rhs of the redex is always a value. This fact is used in Plo75] to simulate call-by-value reduction in a call-by-name -calculus.

8.5. CONTROL OPERATORS AND CPS TRANSLATION (xe] s) (MN e] s) (x:M e] c : s) (C M e] s) (AM e] s) (ret(s) c : s ) 0

223

! (e(x) s) ! (M e] N e] : s) ! (M ec=x]] s) ! (M e] ret(s)) ! (M e] ) ! (c s)

Figure 8.17: Call-by-name environment machine handling control operators

Environment machines and control operators. Environment machines

provide a simple implementation of control operators. The stack of environment machines corresponds to the current evaluation context. The implementation of control operators then amounts to the introduction of operations that allow to manipulate the stack as a whole. To this end we introduce an operator ret that retracts a stack into a closure. Roughly, if the stack s corresponds to the evaluation context E then the closure ret(s) corresponds to the term x:AE x]. We consider rst the situation for call-by-name. The syntactic entities are dened as follows (note that the collection of closures is enlarged to include terms of the shape ret(s)).

M ::= v j v:M j MM j C M j AM e : V ar * Closures c ::= M e] j ret(s) s c1 : : : : : cn : The corresponding machine is described in gure 8.17. The formalization for call-by-value is slightly more complicated. Value closures and stack are redened as follows (as usual m stands for a marker): Value Closures vc ::= (v:M )e] j ret(s) Stack s m1 : c1 : : : mn : cn : The corresponding machine is described in gure 8.18. The last rule deserves some explanation: if ret(s) corresponds to x:AE x], vc corresponds to V , and s corresponds to E then the rule implements the reduction: Terms Environments Closures Stack

0

0

E (x:AE x])V ] ! E AE V ]] ! E V ] : 0

0

It is possible to relate environment machines and Cps interpretations LRS94]. We give a hint of the connection. Consider the following system of domain


224

(xe] s) (MN e] s) (vc r : c : s) (vc l : x:M e] : s) (C M e] s) (AM e] s) (vc l : ret(s) : s ) 0

! (e(x) s) ! (M e] r : N e] : s) ! (c l : vc : s) ! (M evc=x]] s) ! (M e] r : ret(s)) ! (M e] ) ! (vc s)

Figure 8.18: Call-by-value environment machine handling control operators equations where D is the domain of interpretation of closures, that is terms with an environment e 2 Env , C is the domain of continuations with generic element k, and R represents a domain of results: 8 >< D = C ! R DC k 2C >: CEnv = = Var ! D e 2 Env : We interpret the terms as follows, where stop is an arbitrary but xed element in C , and ret (k) = (c k ):ck. 0

x] e k MN ] e k x:M ] e hd ki CM ] e k AM ] e k

= e(x)k = M ] e h N ] eki = M ] ed=x] k = M ] e hret (k) stopi = M ] e stop :

Note that in the interpretation we work up to isomorphism. If we regard the continuation k as representing the stack s and hret (k) stop i as representing ret (s) then this interpretation follows exactly the pattern of the call-by-name machine described in gure 8.17.

Exercise 8.5.16 * De ne a Cps interpretation for call-by-value which corresponds to the machine described in gure 8.18.

Chapter 9 Powerdomains In example 8.1.1 we have presented a monad of non-deterministic computations which is based on the nite powerset. We seek an analogous of this construction in the framework of domain theory. To this end, we develop in section 9.1 the convex, lower, and upper powerdomains in categories of algebraic cpo's Plo76, Smy78]. In order to relate these constructions to the semantics of nondeterministic and concurrent computation we introduce in section 9.2 Milner's Ccs Mil89], a simple calculus of processes interacting by rendez-vous synchronization on communication channels. We present an operational semantics for Ccs based on the notion of bisimulation. Finally, in section 9.3 we give a fully abstract interpretation of Ccs in a domain obtained from the solution of an equation involving the convex powerdomain Abr91a].

9.1 Monads of Powerdomains We look for a construction in domain theory which can play the role of the nite (or nitary) subsets in the category of sets. The need for this development clearly arises when combining recursion with non-determinism. One complication is that, in the context of domain theory, there are several possible constructions which address this problem. Their relevance might depend on the specic application one is considering. In the following we concentrate on three powerdomains which rely on the notion of semi-lattice.

Denition 9.1.1 A semi-lattice is a set with a binary operation, say , that is associative, commutative, and absorptive, that is:

(x y) z = x (y z) x y = y x x x = x : From our perspective we regard the binary operation of a semi-lattice as a loose generalization of the union operation on powersets. We seek a method for generating freely this algebraic structure from a domain. We illustrate the 225

CHAPTER 9. POWERDOMAINS

226

construction for preorders and then extend it to algebraic cpo's. Let us consider semi-lattices whose carrier is a preorder.

Denition 9.1.2 A preordered semi-lattice is a structure (P ) where (P ) is a preorder, (P ) is a semi-lattice, and the semi-lattice operation is monotonic, that is x x and y y implies x y x y . Moreover, we say that a preordered semi-lattice (P ) is a join preordered semi-lattice if it satises x x y , and a meet preordered semi-lattice if it satises x y x. 0

0

0

0

Incidentally, we note in the following exercise that every semi-lattice gives rise to a poset with specic properties.

Exercise 9.1.3 Given a semi-lattice (P ) de ne x y i x y = y. Show that

(P ) is a poset with lub's of pairs. Exhibit a bijective correspondence between semilattices and posets with lub's of pairs.

However, we are looking in the other direction: we want to build a semi-lattice out of a poset. We dene the category in which we can perform this construction.

Denition 9.1.4 We denote with SP the category of preordered semi-lattices where a morphism f : (P ) ! (P ) is a monotonic function f : (P )! (P ) such that f (x y) = f (x) f (y). Let JSP (MSP) be the full subcategory of SP composed of join (meet) preordered semi-lattices. 0

0

0

0

0

0

The category SP has a subcategory of semi-lattices whose carriers are algebraic cpo's with a continuous operation , and whose morphisms are continuous.

Denition 9.1.5 We denote with SAcpo the category of preordered semi-lattices (P ) such that (P ) is an algebraic cpo, the operation is continuous, and a morphism f : (P ) ! (P ) is a continuous function f : (P ) ! (P ) such that f (x y) = f (x) f (y). Let JSAcpo (MSAcpo) be the full subcategory of SAcpo composed of join (meet) preordered semi-lattices. 0

0

0

0

0

0

We show that given an algebraic cpo there is a freely generated semi-lattice in the category SAcpo. In view of the technique of ideal completion (cf. proposition 1.1.21) this problem can be actually decomposed in the problem of freely generating a semi-lattice in the category SP, and then completing it to a semi-lattice in the category SAcpo. So, let us consider the situation for preorders rst. We + x some notation. Let Pfin (X ) denote the non-empty nite subsets of X . P is the category of preorders and monotonic maps. Forget : SP ! P is the functor that forgets the semi-lattice structure.

9.1. MONADS OF POWERDOMAINS

227

Theorem 9.1.6 The functor Forget : SP ! P has a left adjoint Free : P ! SP that is dened as:

+ Free (P ) = (Pfin (P ) c ) Free (f )(X ) = f (X )

where the semi-lattice operation is the set-theoretical union, and the so-called convex preorder is dened as:

X c Y i 8x 2 X 9y 2 Y (x y) and 8y 2 Y 9x 2 X (x y) :

Proof. The natural transformation P S : PP Forget (S )] ! SPFree (P ) S ] is dened as:

P S (f )(X ) = f (x1) f (xn) + where X = fx1 : : : xn g 2 Pfin (P ) and is the binary operation in S . The inverse 1 is dened as P S (h)(p) = h(fpg). We have to verify that these morphisms live in the respective categories. P S (f ) is monotonic. Suppose fx1 : : : xng = X c Y = fy1 : : : ymg. By the denition of the convex preorder we can nd two multisets X = fjw1 : : : wljg and Y = fjz1 : : : zljg in which the same elements occur, respectively, as in X and Y and such that wi zi, i = 1 : : : l. By monotonicity of f , and of the binary operation in S , we have: ;

0

0

f (w1) f (wl) S f (z1) f (zl) and by absorption:

P S (f )(X ) = f (w1) : : : f (wl ) P S (f )(Y ) = f (z1) : : : f (zl) :

P S (f ) is a morphism in SP. Immediate by associativity and absorption. We

leave to the reader the verication that P S1 is well dened as well as the check of the naturality of . 2 ;

Remark 9.1.7 The adjunction described in Stheorem 9.1.6 canonically induces (cf. theorem B.8.7) a convex monad (Pc f g ), where: + Pc (D) = (Pfin (D) c ) fS g : D ! Pc (D) f g(d) = fdg : Pc (Pc(D)) ! Pc(D) Sfx1 : : : xmg = x1 xm : Theorem 9.1.6 can be adapted to join and meet preordered semi-lattices by following the same proof schema.

228


Theorem 9.1.8 The forgetful functors Forget : JSP ! P and Forget : MSP ! P have left adjoints Free JSP : P ! JSP and Free MSP : P ! MSP, respectively, dened as: + Free JSP (P ) = (Pfin (P ) l ) + Free MSP (P ) = (Pfin (P ) u ) Free JSP (f )(X ) = Free MSP(f )(X ) = f (X ) where the semi-lattice operation is the set-theoretical union, and the so-called lower and upper preorders are dened as: 1 X l Y i 8x 2 X 9y 2 Y (x y) X u Y i 8y 2 Y 9x 2 X (x y) :

Example 9.1.9 We consider the poset O = f? >g where as usual ? < >.

We suppose that the semantics of a non-deterministic program is an element of + Pfin (O) = ff?g f>g f? >gg, ? expressing divergence and > convergence. The + convex, lower, and upper preorders induce three distinct preorders on Pfin (O). In the convex preorder f?g g g, in the lower preorder f? >g = f>g, and in the upper preorder f?g = f? >g. In this context, the lower preorder can be associated to partial correctness assertions, as it compares the outcomes of a program neglecting divergence, whereas the upper preorder can be associated to total correctness assertions, as it collapses programs that may diverge. The convex preorder is the most discriminating, as it compares computations with respect to both partial and total correctness assertions.

Let us see how theorem 9.1.6 can be extended to the category Acpo of algebraic cpo's and continuous functions via the ideal completion. There is a functor Forget : SAcpo ! Acpo. Let Ide : P ! Acpo be the ideal completion from preorders to algebraic cpo's which is left adjoint to the relative forgetful functor. Similarly, one can dene a functor SIde : SP ! SAcpo, which makes the ideal completion of the semi-lattice and extends the monotonic binary operation to a continuous one. Denition 9.1.10 Let D be an algebraic cpo and let x stand for c, l, or u. Then we dene a function Px ] : Acpo ! Acpo as follows: 2 + PxD] = Ide (Pfin (K(D)) x) :

Proposition 9.1.11 (1) If D is nite then Pc D] can be characterized as the collection of convex subsets with the convex partial order. Namely, we have + (fCon(u) j u 2 Pfin (D)g c), where Con(u) = fd j 9d d 2 u (d d d )g. 0

00

0

0

Observe the combination of the terminologies for semi-lattices and preorders: the lower preorder occurs with join preordered semi-lattices, and the upper preorder occurs with meet preordered semi-lattices. Note that X c Y i X l Y and X u Y . 2 Note the dierence between, say, P ( ) as dened in remark 9.1.7, and P ] as dened here. c c 1

9.2. CCS

229

(2) For the at domain (! ) the order Pc (! ) ] is isomorphic to the following + set with the convex preorder, fu j u 2 Pfin (!)g fu f?g j u !g. Proof hint. (1) This follows from the observation that K(D) = D and the fact that the ideal completion of a nite set does not add any limit point. (2) Left as an exercise. Note that every computation with a countable collection of results may also diverge. 2 Exercise 9.1.12 Characterize PxD] when x equals u or l and D is nite or (!) . The function Pc ] can be extended to a functor which is left adjoint to the forgetful functor. Proposition 9.1.13 There is a left adjoint Free to the forgetful functor Forget : SAcpo ! Acpo. Proof hint. We dene Free (D) = Pc D]. Given f : D ! E , we dene Free (f ) on the principal ideals by: + Free (f )(# fd1 : : : dm g) = fu 2 Pfin (K(E )) j u c ffd1 : : : fdm gg : Note that this is an ideal, and that Free (f ) can be extended canonically to Pc D]. ?

?

?

2 Exercise 9.1.14 Prove the analogous of proposition 9.1.13 for the categories JSAcpo and MSAcpo. Exercise 9.1.15 Show that the category of Scott domains is closed under the lower

and upper powerdomains constructions. Hint: it is enough to prove that every pair of compact elements which is bounded has a lub. On the other hand, show that the category of Scott domains is not closed under the convex powerdomain construction. Hint: consider the domain T2 where T = f? tt g. Exercise 9.1.16 Let D be a bi nite domain W and let fpigi I be theWassociated directed set of image nite projections such that i I pi = idD . Show that i I Pc pi ] = Pc id]. Conclude that bi nite domains are closed under the convex powerdomain. Extend this result to the lower and upper powerdomains. 2

2

2

9.2 Ccs The semantics of the programming languages considered so far associates to every input a set of output values. For instance, a nite set if the computation is nondeterministic but nitely branching (cf. example 8.1.1(2)). On the other hand, system applications often require the design of programs which have to interact repeatedly with their environment (e.g. other programs, physical devices,: : :). In this case the specication of a program as an input-output relation is not adequate. In order to specify the ability of a program to perform a certain action it is useful to introduce the simple notion of labelled transition system.


230

Denition 9.2.1 A labelled transition system (lts) is triple of sets (Pr Act !) where ! Pr Act Pr. We have adapted our notation to a process calculus to be introduced next, Pr stands for the collection of processes and Act for the collection of actions. We write p ! q for (p q) 2!, to be read as p makes an action and becomes q.

Denition 9.2.2 A lts is said to be image nite if, for all p 2 Pr, 2 Act, the set fp j p ! p g is nite. An image nite lts can be represented as a function !: Pr Act ! Pfin(Pr). 0

0

Next we present (a fragment of) Milner's Calculus of Communicating Systems (Ccs) Mil89]. Ccs is a model of computation in which a set of agents interact by rendez-vous synchronization on communication channels (syntactically one can think of an agent as a sequential unit of computation, that is as a process that cannot be decomposed in the parallel composition of two or more processes). In general several agents can compete for the reception or the transmission on a certain channel, however each accomplished communication involves just one sending and one receiving agent. Moreover any agent may attempt at the same time a communication on several channels (a non-deterministic sum is used for this purpose). In Ccs communication is pure synchronization, no data are exchanged between the sender and the receiver. Therefore, it is not actually necessary to distinguish between input and output. All we need to know is when two interactions are one dual of the other. This idea can be formalized as follows. Let L be a nite collection of labels (we make this hypothesis to simplify the interpretation described in section 9.3). Each label l 2 L has a complement l which belongs to L = fl j l 2 Lg. The overline symbol can be understood as a special marker that one adds to an element of L. The marker is chosen so that L and L are disjoint. We denote with a b : : : generic elements in L L. The complement operation is extended to L by making it involutive, that is a = a. Finally we dene the collection of actions Act = L L f g, where 2= L L. We denote with : : : generic elements in Act. The actions a a may be understood as complementary input/output synchronization operations on a channel. The action is an internal action in the sense that a process may perform it without the cooperation of the environment. In gure 9.1, we dene a calculus of processes which includes basic combinators for termination, sequentialization, non-deterministic sum, parallel composition, and restriction. A process is well-formed if it is: (i) closed, that is all process variables are in the scope of a x operator, and (ii) guarded, that is all (bound) process variables are preceded by a prex, for instance x X:a:X is guarded whereas x Y:(x X:a:X ) + Y is not. In the following we always assume that processes are

9.2. CCS

231

Process variables. V ::= X Y Z : : : Processes. P ::= 0 j V j :P j P + P j P j P j P na j x V:P Figure 9.1: Syntax Ccs well-formed, these are the objects for which an operational semantics is dened. The intuitive operational behaviour of the process operators is as follows. 0 is the terminated process which can perform no action. a:P is the prexing of a to P , that is a:P performs the action a and becomes P . P + P is the nondeterministic choice (sum) between the execution of P and that of P . The choice operator presented here is very convenient in the development of an algebra of processes. On the other hand its implementation on a distributed architecture requires sophisticated and expensive protocols. For this reason most parallel languages adopt a restricted form of non-deterministic choice. P j P is the parallel composition of P and P . P na is the process P where the channel a has become private to P . This operation is called restriction. Finally, x is the least x-point operator with the usual unfolding computation rule. We dene next a lts on processes. The intuitive interpretation of the judgment P ! P is the following: If then P may reduce to P by means of an internal autonomous communication. If a then P may reduce to P provided the environment supplies a dual action a. The denition of the lts proceeds non-deterministically by analysis of the process expression structure. The rules are displayed in gure 9.2. The rules (sum) and (comp) have a symmetric version which is omitted. Given a process P one may repeatedly apply the derivation rules above and build a possibly innite tree whose edges are labelled by actions. Exercise 9.2.3 (1) Show that any process without a x operator generates a nite tree. (2) Verify that any Ccs process generates an image nite lts. (3) Consider the a 0 j b:0 j j b:0, for an non-guarded process P x X:((X:0 + a:0) j b:0). Verify P ! arbitrary number of b:0's. Conclude that Ccs with unguarded recursive de nitions is 0

0

0

0

0

0

0

not image nite.

The tree representation is still too concrete to provide a reasonable semantics even for nite Ccs processes built out of prexing and sum. In the rst place the sum should be commutative and associative, and in the second place two identical subtrees with the same root should collapse into one. In other words


232

P1 ! P1 (prex ) :P ! ( sum ) P P1 + P2 ! P1 a a ! P1 (comp ) P j PP1 ! ( sync ) P1 ! P1 P2 ! P2 P1 j P2 P1 j P2 ! P1 j P2 1 2 P ! P 2= fa ag (x ) P x X:P=X ] ! P (res ) P na ! P na x X:P ! P 0

0

0

0

0

0

0

0

0

0

0

0

Figure 9.2: Labelled transition system for Ccs the sum operator of Ccs should form a semi-lattice with 0 as identity. For processes generating a nite tree, it is possible to build a canonical set-theoretic representation. We dene inductively:

ST0 = STn+1 = Pfin(Act STn) ST! = SfSTn j n < !g :

If P generates a nite tree then let P ] = f( P ] ) j P ! P g. For instance one can compute: 0

0

a:0 j a:0]] = f(a f(a )g) ( ) (a f(a )g)g :

Exercise 9.2.4 Verify that the previous interpretation is well-de ned for processes generating a nite tree and that it satis es the semi-lattice equations.

There are serious di#culties in extending this naive set-theoretic interpretation to innite processes. For instance one should have: x X:a:X ] = f(a f(a f(a : : : This seems to ask for the construction of a set A such that A = f(a A)g. Assuming the standard representation of an ordered pair (x y) as fx fx ygg we note that this set is not well-founded with respect to the belongs to relation as A 2 fa Ag 2 A. This contradicts the foundation axiom which is often added to, say, Zermelo-Fraenkel set-theory (see e.g. Jec78]). On the other hand it is possible to remove the foundation axiom and develop a non-standard set-theory with an anti-foundation axiom which assumes the existence of sets like A (see in particular Acz88] for the development of the connections with process calculi). In section 9.3, we will take a dierent approach which pursues the construction of a set-theoretical structure in domain theory relying on the convex powerdomain. The initial idea, is to associate to x X:a:X ]

9.2. CCS

233

the lub of elements of the shape f(a f(a : : : f(a ?)g : : :)g)g, modulo a suitable interpretation of the set-theoretical notation. In the following we develop the operational semantics of Ccs. To this end we introduce the notion of bisimulation Par81] which is a popular notion of equivalence on lts's. Let (Pr Act !) be a lts. We dene an equivalence relation over Pr that can be characterized as the greatest element of a collection of relations known as bisimulations or, equivalently, as the greatest x-point of a certain monotonic operator dened on the powerset of binary relations on Pr.

Denition 9.2.5 (operator F) Let (Pr Act !) be a given lts. We dene F : P (Pr Pr) ! P (Pr Pr) as: F (X ) = f(p q) j 8p (p ! p ) 9q (q ! q and (p q ) 2 X )) and 8q (q ! q ) 9p (p ! p and (p q ) 2 X ))g : Denition 9.2.6 The operator F is iterated as follows: F 0 = Pr Pr F +1 = F (F ) T F =
\

i I

\

F (Si) F ( Si) : i I

2

2

Suppose 8i 2 I (p Si q) and p ! p . By hypothesis, 8i 2 I 9q (q ! q and p Si q ). Moreover, the set Q = fq j q ! q and 9i 2 I (p Si q )g is nite, and the set fSigi I is codirected. It follows that there has to be a q 2 Q such that 8i 2 I (p Si q ). To see this, suppose q q 2 Q, p Si q , and p Sj q , for i j 2 I . Then 9k 2 I (Si Sj " Sk ). Moreover, 9q 2 Q (p Sk q ), from which p Si q and Tp Sj q follows. By applying a symmetric argument on Q we can conclude p F ( i I Si ) q . 2 0

0

0

0

0

0

0

0

0

2

0

0

0

0

00

0

000

0

0

000

00

000

000

2

Denition 9.2.9 (bisimulation) Let (Pr Act !) be a given lts. A binary relation S Pr Pr is a bisimulation if S F (S ).


234

Exercise 9.2.10 Show that: (i) the empty and identity relations are bisimulations, (ii) bisimulations are closed under inverse, composition, and arbitrary unions, and (iii) there is a greatest bisimulation. Verify that bisimulations are not closed under ( nite) intersection.

Denition 9.2.11 Let Pr be the collection of Ccs processes. Let F be the operator related to Ccs bisimulation. We denote with the largest Ccs bisimulation and we set = F . Exercise 9.2.12 Show for Ccs that = ! . Hint: apply exercise 9.2.3 and proposition 9.2.8.

Exercise 9.2.13 Prove that is a congruence for pre xing, sum, parallel composition,

and restriction. Hint: to prove that P Q it is enough to nd a bisimulation S such that P S Q. Let Pr] be the collection of equivalence classes generated by the greatest bisimulation on the set of Ccs processes. Extend the operations + and j to P ] and prove that (Pr] + 0]) is a semi-lattice, and that (Pr] j 0]) is a commutative monoid.

The previous exercise suggests that bisimulation equivalence captures many reasonable process equivalences. However, as stated it is still unsatisfactory as the internal action and an input-output action on a channel are treated in the same way. This implies that for instance, the process ::a:0 is not bisimilar to the process :a:0. One needs to abstract to some extent from the internal actions. A standard approach to this problem, is to consider a weak labelled transition system in which any action (in the sense of the lts dened in gure 9.2) can be preceded and followed by an arbitrary number of internal -actions.

Denition 9.2.14 Labelled weak reduction, say ) , is a relation over Ccs processes which is dened as follows:

P )a P i P (! ) !a (! ) P P ) P i P (! ) P : 0

0

0

0

Weak bisimulation is the greatest bisimulation relation built on top of the weak lts (which is uniquely determined according to denition 9.2.9). The properties of weak bisimulation with respect to Ccs operators are described in Mil89]. We will meet again this equivalence in chapter 16, for the time being we just observe some basic properties.

Exercise 9.2.15 Verify that the following equations hold for weak-bisimulation: ::P = :P P + :P = :P :(P + :Q) + :Q = :(P + :Q) :

9.3. INTERPRETATION OF CCS

235

9.3 Interpretation of Ccs

We dene an interpretation of Ccs in the binite domain D which is the initial solution of the domain equation:

D = Pc (Act D) ] # (1) ?

(9.1)

?

where # is the coalesced sum (cf. denition 1.4.22), ( ) is the lifting (cf. denition 1.4.16), and 1 is the one point cpo. The role of the adjoined element (1) is to represent the terminated process 0 (cf. Abr91b]). We denote with F the functor associated to Pc (Act ) ] # (1) . We will show that the related interpretation captures bisimulation (a full abstraction result). To this end, we will introduce a notion of syntactic approximation (denition 9.3.5). A syntactic approximation plays a role similar to that of nite Bohm trees in the -calculus (cf. denition 2.3.1): it provides an approximate description of the operational behaviour of a process. It turns out that syntactic approximations, are interpreted in the domain D by compact elements. The key lemma 9.3.12 relates syntactic and semantic approximations. Full abstraction, is then obtained by going to the limit. The existence of an initial solution to equation 9.1 can be proven by the technique already presented in section 3.1 and generalized in section 7.1. However, in order to relate denotational and operational semantics of Ccs it is useful to take a closer look at the structure of D. The domain D is the !-colimit in Bif ip of the !-chain fF n(1) F n(f0)gn ! where the morphism f0 : 1 ! F (1) is uniquely determined in Bif ip (cf. theorem 7.1.15). We note that, for each n 2 !, the domain F n(1) is nite. Therefore the ideal completion has no eect, and we have + that F n+1(1) ((Act F n(1)) ) # (1) c). Every compact element in = (Pfin D can be regarded as an element in F n(1), for some n 2 !, and, vice versa, every element in F n(1) can be regarded as a compact element in D. It is actually convenient to build inductively the collection of compact elements. ?

?

?

?

2

?

?

Denition 9.3.1 (compacts) The sets Kn , for n 2 !, are the least sets such that:

f?g 2 K0

2 Kn+1

i 2 Act di 2 Kn m 1 f(1 d1) : : : (m dm)g 2 Kn+1

i 2 Act di 2 Kn m 0 f?g f(1 d1) : : : (m dm)g 2 Kn+1 :

Proposition 9.3.2 For any n 2 !, (1) Kn Kn+1 , and (2) if d d 2 Kn then d d 2 Kn . Proof hint. By induction on n. 2 0

0


236

It is easy to verify that elements in Kn are in bijective correspondence with elements inSF n(1). The bijection becomes an order isomorphism when the elements in K = n ! Kn are ordered as follows. 2

Denition 9.3.3 (order) Let be the least relation on K such that (I J can be empty):

8i 2 I 9j 2 J (i = j and di dj ) 8j 2 J 9i 2 I (i = j and di dj ) f(i di ) j i 2 I g f(j dj ) j j 2 J g 0

0

0

0

0

0

8i 2 I 9j 2 J (i = j and di dj ) f?g f(i di ) j i 2 I g f(j dj ) j j 2 J g 0

0

0

0

8i 2 I 9j 2 J (i = j and di dj ) f?g f(i di ) j i 2 I g f?g f(j dj ) j j 2 J g : 0

0

0

0

This provides an explicit description of the compact elements. We can assume D = Ide(K ) with the inclusion order, and K(D) = f# d j d 2 K g. We denote with I J elements in D. We can explicitly dene a chain fpn gn ! of image nite projections on D by: pn (I ) = I \ Kn (9.2) In gure 9.3 we dene inductively on K monotonic functions corresponding to the Ccs operators. Of course, these functions can be canonically extended to continuous functions on D. In general, given f : K n ! K we dene f^ : Dn ! D as: f^(I1 : : : In) = f# f (d1 : : : dn) j dj 2 Ij j = 1 : : : ng (9.3) Next we dene a notion of syntactic approximation of a process. Syntactic approximations can be analysed by nite means both at the syntactic level, as it is enough to look at a nite approximation of the bisimulation relation (proposition 9.3.7), and at the semantic level, as they are interpreted as compact elements (definition 9.3.8). To this end we suppose that the language of processes is extended with a constant ?. The notion of labelled transition system and bisimulation for this extended calculus are left unchanged (so ? behaves as 0, operationally). 2

Denition 9.3.4 We dene inductively a collection of normal forms Nk : 8i 2 I (Ni 2 Nk ) ]I < ! : ? 2 N0 'i I i :Ni 2 Nk+1 If I = f1 : : : ng then 'i I i:Ni is a shorthand for 1:N1 + + n :Nn . Con2

2

ventionally 0 stands for the empty sum. We consider terms up to associativity and commutativity of the sum, hence the order of the summands is immaterial.


237

Nil 2 K Nil = Pre : K ! K Pre(d) = f( d)g Sum : K 2 ! K Sum(d d ) = d d 0

Resa : K ! K Resa(f?g) Resa() Resa(f(i di) j i 2 I g) Resa(f?g f(i di) j i 2 I g)

0

= f?g = = f(i Resa(di)) j i 2 I i 2= fa agg (I 6= ) = f?g f(i Resa(di)) j i 2 I i 2= fa agg

Par : K 2 ! K Par(f?g d) = Par(d f?g) Par( d) = Par(d )

= f?g =d f( Par(d f( d )g))g Par(f( d)g f( d )g) = f( Par(f( d)g d ))g f( Par(d d )) j = 2 L Lg Par(fdi j i 2 I g fdj j j 2 J g) = Si I j J Par(di dj ) (]I + ]J 3 ]I ]J 1) 0

0

0

0

0

0

2

0

0

2

Figure 9.3: Interpretation of Ccs operators on compact elements


238

Denition 9.3.5 (syntactic approximation) For any process P , we dene a k-th approximation (P )k 2 Nk as follows: (P )0 =? (:P )k+1 = :(P )k (P + P )k+1 = (P )k+1 + (P )k+1 (x X:P )k+1 = (x X:P=X ]P )k+1 0

0

(P )k+1 = 'i I i:Pi (P na)k+1 = 'fi:(Pi na)k j i 2 I i 2= fa agg 2

(P )k+18= 'i I i:Ni (P )k+1 = 'j J j :Nj >< 'i I i:(Ni j 'j J j :Nj )k + (P j P )k+1 = > 'j J j :('i I i:Ni j Nj )k + : 'f:(Ni j Nj )k j i 2 I j 2 J i = j g : 0

2

2

0

2

2

2

0

0 0

2

0

To show that the denition is well-founded we dene a measure nx on processes that counts the number of recursive denitions at top level: nx (0) = nx (X ) = nx (:P ) = 0 nx (P na) = nx (P ) nx (P j P ) = nx (P + P ) = max fnx (P ) nx (P )g nx (x X:P ) = 1 + nx (P ) : 0

0

0

By the hypothesis that recursive denitions are guarded we have nx (x X:P ) = 1 + nx (P x X:P=X ]).

Exercise 9.3.6 Prove that the de nition of k-th approximation is well-founded. by induction on (n n x (P ) P ).

Proposition 9.3.7 Let P Q be processes. Then: P Q i 8k 2 ! ((P )k k (Q)k ) : Proof. First, we observe that for any process P : (P )0 = ? 2 N0 (P )k+1 = 'f:(P )k j P ! P g 2 Nk+1 : 0

0

It follows that for any process P , and for any k 2 !, (P )k k P . Combining with proposition 9.2.8 and using the transitivity of the relation k we can conclude that: P Q i 8k 2 ! (P k Q) i 8k 2 ! ((P )k k (Q)k ) :

2


239

Denition 9.3.8 We dene an interpretation in K of the normal forms (with reference to the operators in gure 9.3):

?] K = f?g 0]]K = K K :N ] = Pre(N ] ) N + N ] K = Sum(N ] K N ] K ) : Proposition 9.3.9 Let N N 2 Nn be normal forms, for n 2 !. Then (1) N ] K 2 Kn , and (2) N n N i N ] K = N ] K . Proof hint. By induction on n. 2 The interpretation of normal forms is canonically lifted to all processes, by taking the continuous extensions (cf. equation 9.3) of the functions dened in gure 9.3, and interpreting x as the least x-point. This is spelled out in the following denition. 0

0

0

0

0

Denition 9.3.10 (interpretation) Let V be the collection of process variables, and let : V ! D be an environment. We interpret a process P in the environment as follows: 0]] =#S() :P ] = Sf# (f( d)g) j d 2 P ] g P + P ] = f# (d d ) j d 2 P ] d 2 P ] g P na] = S f# (Resa(d)) j d 2 P ] g S P j P ] = Sf# (Par(d d )) j d 2 P ] d 2 P ] g x X:P ] = n ! In with I0 =# (f?g) In+1 = P ] In=X ] X] = (X ) : 0

0

0

0

0

0

0

0

2

Exercise 9.3.11 Prove that the function d: P ] d=X ] is continuous. Lemma 9.3.12 (approximation) For any process P , n 2 !, pn (P ] ) = P ] \ Kn = (P )n] : Proof hint. By induction on (n nx (P ) P ). We consider a few signicative cases. :P We compute: :P ] \ Kn+1 = SSf# (f( d)g) j d 2 P ] \ Kn g = f# (f( d)g) j d (P )n] K g =# (f( (P )n] K )g) =# ((:P )n+1] K ) : x X:P A direct application of the induction hypothesis: x X:P ] \ Kn+1 = P x X:P=X ]]] \ Kn+1 =# ((P x X:P=X ])n+1 ] K ) =# ((x X:P )n+1 ] K ) :


240

P j P We have: 0

P j P ] \ Kn+1 = S f# (Par(d d )) j d 2 P ] d 2 P ] g \ Kn+1 S = Sf# (Par(d d )) j d 2 P ] \ Kn+1 d 2 P ] \ Kn+1 g \ Kn+1 = f# (Par(d d )) j d (P )n+1] K d 2 (P )n+1 ] K g \ Kn+1 =# (Par((P )n+1] K (P )n+1] K )) \ Kn+1 =# ((P j P )n+1 ] K ) : 0

0

0

0

0

0

0

0

0

0 0

0

2

Theorem 9.3.13 (full abstraction) Let P Q be Ccs processes. Then: P Q i P ] = Q] : Proof. By proposition 9.3.7, P Q i 8k 2 ! ((P )k k (Q)k ). By proposition 9.3.9, 8k 2 ! ((P )k k (Q)k ) iW 8k 2 ! (P )k ] = (Q)k] . By lemma 9.3.12, (P )k ] = pk (P ] ), and since k ! pk = id , we have P ] = Q] i 8k 2 ! (pk (P ] ) = pk (Q] )). 2 Remark 9.3.14 (1) Not all compact elements in D are denable by a Ccs pro2

cess. Indeed, if this was the case then full abstraction would fail. For instance we would have P + ? P , whereas in general P + ?] 6= P ] . It is possible to rene the bisimulation relation by taking diverging elements into account (cf. Abr91b]). (2) At the time of writing, the denotational framework described here has not been adapted in a satisfying way to capture weak bisimulation.

Chapter 10 Stone Duality We introduce a fundamental duality that arises in topology from the consideration of points versus opens. A lot of work in topology can be done by working at the level of opens only. This subject is called pointless topology, and can be studied in Joh82]. It leads generally to formulations and proofs of a more constructive nature than the ones \with points". For the purpose of computer science, this duality is extremely suggestive: points are programs, opens are program properties. The investigation of Stone duality for domains has been pioneered by Martin-Lof ML83] and by Smyth Smy83b]. The work on intersection types, particularly in relation with the D models, as exposed in chapter 3, appears as an even earlier precursor. We also recommend Vic89], which oers a computer science oriented introduction to Stone duality. 1

In sections 10.1 and 10.1 we introduce locales and Stone duality in its most abstract form. In sections 10.2 and 10.4 we specialise the construction to Scott domains, and to binite domains. On the way, in section 10.3, we prove Stone's theorem: every Boolean algebra is order-isomorphic to an algebra of subsets of some set X , closed under set-theoretic intersection, union, and complementation. The proof of Stone's theorem involves a form of the axiom of choice (Zorn's lemma), used in the proof of an important technical lemma, known as Scott open lter theorem. In contrast, the dualities for domains can be proved more directly, as specialisations of a simple duality, which we call the basic domain duality. (We have not seen this observation in print before.) Once the dualities are laid down, we can present the domain constructions \logically", by means of formulas representing the compact opens. This programme, which has been carried out quite thoroughly by Abramsky Abr91b], is the subject of sections 10.5 and 10.6. 241

CHAPTER 10. STONE DUALITY

242

10.1 Topological Spaces and Locales

If we abstract away from the order-theoretic properties of the opens of a topology, we arrive at the following denition. Denition 10.1.1 (locale) A locale, or a frame, is an ordered set (A ) satisfying the following properties: 1. every nite subset of A has a greatest lower bound, 2. every subset of A has a least upper bound, 3. the following distributivity property holds, for any x 2 A and Y A:

_ _ x ^ ( Y ) = fx ^ y j y 2 Y g:

In particular, there is a minimum (the empty lub) and a maximum (the empty glb). For any topological space (X X ), the collection X , ordered by inclusion, is a locale. The elements of a locale will be often called opens, even if the locale does not arise as a topology. We make some remarks about this denition:

Condition (1) is implied by condition (2), which in fact implies that all glb's

exist. But the maps we consider being those which preserve nite glb's and arbitrary lub's, it is natural to put condition (1) explicitly in the denition of a locale. Locales are equivalently dened as complete Heyting algebras, where a complete Heyting algebra is a complete lattice which viewed as a partial order is cartesian closed (cf. denition 4.2.3 and example B.5.3).

Denition 10.1.2 (frames/locales) The category Frm of frames is the category whose objects are locales, and whose morphisms are the functions preserving nite glb's and all lub's. The category Loc of locales is dened as Frmop . Locales and frames are named such according to which category is meant.

Since we develop the theory of locales as an abstraction of the situation with topological spaces, it is natural to focus on Loc: for any continuous function f : (X X ) ! (Y Y ), the function f 1 is a locale morphism from X to Y . ;

Denition 10.1.3 The functor : Top ! Loc, called localisation functor, is dened by

(X X ) = X (f ) = f 1: ;

The two-points at domain O = f? >g (cf. example 1.1.6) lives both in Top (endowed with its Scott topology f f>g f? >gg) and in Loc, and plays a remarkable role in each of these categories:

10.1. TOPOLOGICAL SPACES AND LOCALES

243

Top: For any topological space (X X ), the opens in X are in one-to-one correspondence with the continuous functions from (X X ) to O. Loc: O considered as a locale is terminal in Loc: let (A ) be a locale, and f : A ! f? >g be a locale morphism. Then f (?) = ? and f (>) = >,

since the minimum and maximum elements must be preserved. The fact that O is terminal in Loc suggests a way to recover a topological space out of a locale. The standard categorical way of dening a point in an object A is to take a morphism from the terminal object. We shall thus dene points of a locale A to be locale morphisms g : f? >g ! A. One may approach the reconstruction of points from opens in a perhaps more informative way by analyzing the situation of the locale X of some topological space X . If we try to recover a point x out of the locale X , the simplest idea is to collect all the opens that contain it. The fact that the mapping x 7! fU j x 2 U g is injective is exactly the property of the topology to be T0. Any set F = fU j x 2 U g (x xed) has the following properties: 1: It is closed under nite intersections: 2: It is upward closed : S 3: If P X and P 2 F then U 2 F for some U in P: The rst two conditions are those dening lters (cf. chapter 3). We abstract the three properties together in the following denition, which generalises and extends denition 3.3.8. Denition 10.1.4 ((completely coprime) lter) Let A be a partial order. A lter over A is an ideal over Aop, that is, a non-empty subset F such that: 1. If x 2 F and x y, then y 2 F . 2. 8x y 2 F 9z 2 F z x y . A lter F in (a complete lattice) A is called completely coprime if: 3. 8 Y A (W Y 2 F ) 9 y 2 Y y 2 F ) We consider two restrictions of condition (3) (in a lattice, in a dcpo, respectively): 3 . 8 Y n A (W Y 2 F ) 9 y 2 Y y 2 F ) 3 . 8 Y dir A W Y 2 F ) 9 y 2 Y y 2 F ) A lter satisfying (3 ) is called coprime, and a lter satisfying (3 ) is called a Scott-open lter (indeed, (3 ) is the familiar condition dening Scott opens, cf. denition 1.2.1). We write: F (A) for the set of lters of A Spec (A) for the set of coprime lters of A Pt (A) for the set of completely coprime lters of A: All these sets are ordered by inclusion. 0

00

0

00

00


244

Remark that if ? = W 2 F , then F is not coprime. In particular, coprime lters are proper subsets. Here is a third presentation of the same notion. The complement G of a completely coprime lter F is clearlyW closed downwards, and is closed under arbitrary lub's. In particular G =# ( G), and we have, by conditions (1) and (2): ^ _ _ P G (P nite ) ) 9p 2 P p G :

Denition 10.1.5 ((co)prime) Let (X ) be a partial order. An element x of X is called prime if ^ ^ 8 P n X ( P exists and P x) ) 9 p 2 P p x: WP Dually, a coprime element is an element y such that for any nite Q X , if exists and x W Q, then x q for some q 2 Q. Notice that a prime element cannot be > (= V ). Dually, the minimum, if it exists, is not coprime. Exercise 10.1.6 Show that if (X ) is a distributive lattice, then z 2 X is coprime i it is irreducible, i.e., z = x _ y always implies x = z or y = z .

Thus the complements of completely coprime lters are exactly the sets of the form # q, where q is prime, and there is a one-to-one correspondence between prime opens and completely coprime lters. The following proposition summarises the discussion.

Proposition 10.1.7 (points) The following are three equivalent denitions of

the set Pt (A) of points a locale A: locale morphisms from O to A completely coprime lters of A prime elements of A: We write x j= p to mean x(p) = >, p 2 x, or p 6 x, depending on how points are dened. The most standard view is p 2 x (completely coprime lters).

We have further to endow the set of points of a locale A with a topology.

Proposition 10.1.8 For any locale A, the following collection fUpgp A indexed over A is a topology over Pt (A): Up = fx j x j= pg. This topology, being the image of p 7! fx j x j= pg, is called the image topology. Proof. We have Up \ Uq = Up q , and SfUp j p 2 B g = UW B for any B A. 2

^

2such thattionThe Basic Duality The following result states that we did the right construction to get a topological space out of a locale. We call spatialisation, or Pt, the operation which takes a locale to its set of points with the image topology.


245

Proposition 10.1.9 ( a Pt ) The spatialisation A 7! Pt (A) provides a right adjoint to the localisation functor (cf. denition 10.1.3). The counity at A is the map p 7! fx j x j= pg (in Loc), and the unity is the map x 7! fU j x 2 U g (in Top).

Proof hint. Take as inverses: f 7! (p 7! f 1 (fy j y j= pg)) (f : X ! Pt (B ) (in Top) p 2 B ) g 7! (x 7! fp j x 2 g(p)g) (g : X ! B (in Loc) x 2 X ) : ;

2

Theorem 10.1.10 (basic duality) The adjunction a Pt cuts down to an

equivalence, called the basic duality, between the categories of spatial locales and of sober spaces, which are the locales at which the counity is iso and the topological spaces at which the unity is iso, respectively.

Proof. Cf. exercise B.6.4.

2

We shall restrict the basic duality to some full subcategories of topological spaces and locales. The following is an intrinsic description of sober spaces. We recall that the closure A of a subset A is the smallest closed subset containing it.

Proposition 10.1.11 (sober-irreducible) Let (X X ) be a T0-space. The

following are equivalent: 1 : (X X ) is sober 2 : each irreducible (cf. exercise 10.1.6) closed set is of the form fxg for some x: 3 : each prime open is of the form X nfxg for some x:

Proof. Looking at the unity of the adjunction, sober means: \all the completely coprime lters are of the form fU j x 2 U g". Unravelling the equivalence of

denitions of points, this gets reformulated as: \all the prime opens are of the S 2 form fU j x 62 U g", which is the complement of fxg. Remark 10.1.12 Any set of the form fxg is irreducible, so that in sober spaces, the irreducible closed sets are exactly those of the form fxg for some x. By denition of spatiality, a locale A is spatial if and only if, for all a b 2 A: (8 x 2 Pt (A) x j= a ) x j= b) ) a b

or equivalently: a 6 b ) 9 x 2 Pt (A) x j= a and x 6j= b. Actually, it is enough to nd a Scott-open lter F such that a 2 F and b 62 F . But a form of the axiom of choice is needed to prove this.

246


Theorem 10.1.13 (Scott-open lter) Let A be a locale. The following properties hold: 1. For every Scott-open lter F , we have Tfx 2 Pt (A) j F xg = F . 2. A is spatial i for all a b 2 A such that a 6 b there exists a Scott-open lter F such that a 2 F and b 62 F .

Proof. (1) " is obvious. We prove by contraposition. Suppose a 62 F . We want to nd an x such that F x and a 62 x. We claim that there exists a prime open p such that p 62 F and a p. Then we can take x = fc j c 6 pg. Consider the set P of opens b such that b 62 F and a b. It contains a, and every chain

of P has an upper bound in P (actually the lub of any directed subset of P is in P , because F is Scott open). By Zorn's lemma P contains a maximal element q. We show that q is prime. Suppose that S is a nite set of opens, and that b 6 q for each b in S . Then b _ q is larger than qV, and thus belongs to VF , by maximality of q. Since F is a lter, it also contains fb _ q j b 2VS g = ( S ) _ q, which is therefore larger than q, by maximality of q. A fortiori S 6 q. Hence q is prime and the claim follows. (2) One direction follows obviously from the fact that a point is a fortiori a Scott open lter. Conversely, if a 2 F and b 62 F , by (1) there exists a point x such that F x and b 62 x. Then x ts since a 2 F and F x imply a 2 x. 2 We shall not use theorem 10.1.13 for the Stone dualities of domains. But it is important for Stone's theorem (section 10.3). Another characterisation of sobriety and spatiality is obtained by exploiting the fact that in the adjunction a Pt the counity is mono (by denition of the topology on Pt (A), the map p 7! fx j x j= pg is surjective, hence, as a locale morphism, is a mono).

Proposition 10.1.14 Spatial locales and sober spaces are those topological spaces which are isomorphic to X for some topological space X , and to Pt (A) for some locale A, respectively.

Proof. By application of lemma B.6.6 to the adjunction a Pt .

2

We now exhibit examples of sober spaces. If a topological space is already T0, one is left to check that the mapping x 7! fU j x 2 U g reaches all the completely coprime lters.

Proposition 10.1.15 T2-spaces are sober. Proof. Let W be a prime open& in particular its complement is non-empty. Suppose that two distinct elements x y are in the complement, and take disjoint U V containing x y respectively. Then U \ V , being empty, is a fortiori contained


247

in W , but neither U nor V are, contradicting primeness of W . Thus a prime open W is necessarily the complement of a singleton fxg. We conclude by proposition 2 10.1.11 (in a T1-space, fxg = fxg). In exercise 1.2.6 we have anticipated that algebraic dcpo's are sober. This provides an example of a non-T2 (even non-T1, cf. chapter 1) sober space. Actually, more generally, continuous dcpo's (cf. denition 5.1.1) are sober. Before proving this, we exhibit a friendlier presentation of fxg in suitable topologies on partial orders.

Proposition 10.1.16 Given a poset X , and a topology over X , the following

are equivalent: 1 : 8 x 2 X fxg =# x 2 : weak Alexandrov 3 : = where the weak topology is given by the basis fX n # x j x 2 X g, and where is the specialisation ordering dened by 1.

Proof. (2) ) (1) If x 2 A (A closed), then # x A, since Alexandrov . Moreover # x is closed, since weak . Hence fxg =# x. (1) ) (2) If fxg =# x, then a fortiori # x is closed, hence weak . If A is closed and x 2 A, then fxg A, hence Alexandrov . (2) , (3) We have: , (x 2 U x y ) y 2 U ) , Alexandrov . (weak ) ) ( ): Suppose x 6 y. Then X n(# y) is an open containing x but not y, hence x 6 y . ( and Alexandrov ) ) (weak ): We have to prove that any X n(# x) is in . Pick y 2 X n(# x), i.e., y 6 x. Then implies that there exists an open U such that y 2 U and x 62 U . Since Alexandrov implies z 62 U for any z x, we have U X n(# x). 2 Proposition 10.1.16 applies in particular to the Scott topology S , since weak S (cf. exercise 1.2.2) and since S Alexandrov by denition. Proposition 10.1.17 The Scott topology for a continuous dcpo is sober. Proof. Let A be closed irreducible, and consider B = Sa A + a, (cf. denition 5.1.1). We rst prove that B is directed. Suppose not: let d d 2 B such that there exists no a 2 A and d % a such that d d d . We claim: * d \ * d \ A = : 2

0

00

0

00

0

1

We refer to section 1.2 for the denition of Alexandrov topology and specialisation ordering.


248

Indeed, suppose d d % a for some a 2 A. Then by directedness of + a there would exist d % a such that d d d , contradicting our assumption about d d . This proves the claim, which we rephrase as A (Dn * d) (Dn * d ): But this contradicts the irreducibility of A, since * d and * d are open (see exercise 5.1.12), and since d d 2 B can be rephrased as A \ * d 6= and A\ * d 6= : Hence B is directed. Since closed sets are closed downwards, we have B A. Hence W B 2 A since A is closed. We show that W B is an upper bound of A: this Wfollows immediately from the denition of continuous dcpo: if a 2 A, then 2 a = + a W B . Therefore A =# (W B ) = W B . 0

00

0

00

0

0

0

0

0

Scott topologies are not always sober. Proposition 10.1.18 (Johnstone) Consider ! f1g, ordered by: n n i n n in ! or n = 1. Consider the following partial order on the set D = ! (! f1g): (m n) (m n ) i (m = m and n n ) or (n = 1 and n m ): This forms a dcpo. Its Scott topology is not sober. Proof. We rst check that we have a dcpo. We claim that any element (m 1) is maximal. Let (m 1) (m n ): if m = m and 1 n , then 1 = n , while the other alternative (n = 1 and 1 m ) cannot arise because m ranges over !. In particular, there is no maximum element, since the elements (m 1) are comparable only when they are equal. Let $ be directed. If it contains some (m 1), then it has a maximum. Otherwise let (m n ), (m n ) be two elements of $: a common upper bound in $ can only be of the form (m n ), with m = m = m . Hence $ = fmg $ , for some m and some $ dir !. It is then obvious that $ has a lub. Next we observe that a non-empty Scott open contains all elements (p 1), for p su#ciently large. Indeed, if (m n) 2 U , then p n ) (m n) (p 1). In particular, any nite intersection of non-empty open sets is non empty. In other words is a prime open, or, equivalently, the whole space ! (! f1g) is irreducible. By lemma 10.1.16, we should have D =# x for some x, but we have seen that D has no maximum. 2 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

00

0

0

00

000

000

000

0

00

0

0

Nevertheless, sober spaces have something to do with Scott topology. Proposition 10.1.19 The specialisation order of any sober space (X ) forms a dcpo, whose Scott topology contains .

10.2. THE DUALITY FOR ALGEBRAIC DCPO'S

249

Proof. Let S be -directed. We show that its closure S is irreducible. Let S = F1 F2, and suppose S 6& F1 and S 6& F1. Let x 2 S nF1 and y 2 S nF2, and let z x y in S . Since S F1 F2, we have, say, z 2 F1. Then x 2 F1 by denition of : contradiction. Therefore S = fyg for some y. y is an upper bound: Pick s 2 S and suppose y 62 U . Then S = fyg X nU , and a fortiori s 62 U . Hence s y. We claim: If S \ U = then y 62 U: Indeed, S \ U = implies S \ U = , and a fortiori y 62 U . The rest of the

statement follows from the claim: y is the least upper bound: Let z be an upper bound of S , and suppose z 62 U . Then S \ U = by denition of , and y 62 U follows by the claim. Any open is Scott open: By the claim, since we now know that y = W S . 2 Exercise 10.1.20 Show that the statement of proposition 10.1.18 can actually be strengthened by replacing \Its Scott topology is not sober" by: \There is no sober topology whose specialisation order is the order of D". Hint: use proposition 10.1.19.

10.2 The Duality for Algebraic Dcpo's

We recall that in algebraic dcpo's the basic Scott-open sets Shave the form " a (a compact), and have the remarkable property that if " a i Ui, then " a Ui for some i. This motivates the following denition.

Denition 10.2.1 (coprime algebraic) Let (A ) be Wa partial order. A compact coprime is an element a such that, for all B A, if B exists and a W B , then a b for some b 2 B . A poset (D ) is called coprime algebraic if each element of D is the lub of the compact coprimes it dominates. We write C (D) for the set of compact coprime elements of D.

Remark 10.2.2 In denition 10.2.1, we do not specify under which lub's we assume A to be closed. In this chapter we are concerned with complete lattices, and in chapter ??, we shall have to do with bounded complete coprime algebraic cpo's.

Lemma 10.2.3 (lower-set completion) A complete lattice is coprime algebraic i it is isomorphic to the lower set completion of some partial order (X ), dened as Dcl (X ) = fY X j Y is a lower subsetg. In particular, a coprime

algebraic partial order is a (spatial) locale, since Dcl (X ) is Alexandrov's topology over (X ).

Proof. Like the proof of proposition 1.1.21.

2


250

Exercise 10.2.4 Show that \compact coprime" de ned as above is the same as \com-

pact and coprime". Show that a partial order A is coprime algebraic i it is an algebraic dcpo such that all nite lub's of compact coprime elements exist, and such that every compact is a nite lub of compact coprimes.

Lemma 10.2.5 Let A be a coprime algebraic locale. The points of A are in oneto-one correspondence with the lters over the set C (A) of compact coprimes of

A.

Proof. The inverses are G 7!" G and F 7! fx 2 F j x compact coprimeg. 2 Proposition 10.2.6 (duality { algebraic dcpo's) The basic duality cuts down to an equivalence between the category Adcpo of algebraic dcpo's and continuous functions, and the category of locales arising as lower set completions of some partial order. Proof. By lemma 10.2.3, any coprime algebraic locale is spatial. By proposition 1.1.21, any algebraic dcpo is isomorphic to Ide (X ) for some partial order (X ). By lemma 10.2.5 we have Ide (X ) = F (X op ) = Pt (Dcl (X op )):

(We omit the proof that the topology induced by Pt on Ide (X ) is Scott topology.) Therefore, up to isomorphism, the class of algebraic dcpo's is the image under Pt of the class of coprime algebraic locales. The statement then follows (cf. exercise B.6.5). 2 We call the duality algebraic dcpo's / coprime algebraic locales the basic domain duality. The key to this duality is that both terms of the duality have a common reference, namely the set C (A) of compact coprimes on the localic side, the set K(D) of compacts on the spatial side, with opposite orders: (K(D) ) = (C (A) ): We shall obtain other dualities for various kinds of domains as restriction of the basic domain duality, through the following metalemma.

Lemma 10.2.7 If (S ) is a property of algebraic dcpo's and (L) is a property of locales such that any algebraic dcpo satises (S ) i its Scott topology satises (L), then the basic domain duality cuts down to a duality between the category of algebraic dcpo's satisfying (S ) and the category of coprime algebraic locales satisfying (L).

Proof. Cf. exercise B.6.5. Here are two examples of the use of lemma 10.2.7.

2


251

Proposition 10.2.8 (duality { algebraic cpo's) The basic domain duality restricts to an equivalence between the category Acpo of algebraic cpo's and continuous functions on one side, and the category of locales arising as lower set completions of a partial order having a largest element.

Proof. By lemma 10.2.7, with \has a minimum element" for (S ), and \has a maximum compact coprime" for (L). If D satises (S ), then " ? ts. If " x is the maximum compact coprime of D, then " y " x for any other compact 2

coprime, i.e., x is minimum.

Proposition 10.2.9 (duality { Scott domains) The basic domain duality cuts down to an equivalence between the category of Scott domains (cf. denition 1.4.9) and continuous functions on one side, and the category of locales arising as lower set completions of a conditional lower semi-lattice (i.e., a poset for which every nite lower bounded subset has a glb).

Proof. Take \has a minimum element, and binary compatible lub's" as (S ),

and \compact coprimes form a conditional lower semi-lattice" as (L), and notice that x _ y exists i " x " y have a glb. 2 We can use exercise 10.2.4 to get an alternative description of the posets arising as lower set completions of conditional lower semi-lattices:

Proposition 10.2.10 The following conditions are equivalent for a coprime algebraic partial order A: 1. A is isomorphic to the lower set completion of a conditional lower semilattice. 2. Finite glb's of compacts are compact and any nite glb of compact coprimes is coprime or ?.

Proof. By proposition 10.2.3, (1) can be replaced by: 1 . The compact coprimes of A form a conditional lower semi-lattice. Also, since all lub's exist in A, glb's also exist and are dened by 0

_

_

fx j 8 p 2 P x pg = fq j q compact coprime and 8 p 2 P q pg:

Now, consider a nite set P of compact coprimes. There are two cases: P has no compact coprime lower bound: thenVV P = W = ?: P has a compact coprime lower bound: then P 6= ?: (1 ) ) (2) We already know that A is a locale& a fortiori it is distributive. Let W d = a1 _ _ am and e = b1 __ bn be two compacts. Then d ^ e = i j (ai ^ bj ). 0


252

It is enough to check that each ai ^ bj is compact. If fai bj g has no compact coprime lower bound, then a1 ^ bj = ?, which is compact. Otherwise, ai ^ bj is compact by assumption. (2) ) (1 ) We have to prove that, in case (b), V P is compact and coprime. It is compactVby the rst part of the assumption. By the second part of the assumption, P is either coprime or ?. Since (b) implies V P 6= ?, V P is coprime. 2 0

Information Systems An alternative description of Scott domains is obtained

by starting, not from a conditional upper semi-lattice, but from a partial order equipped with a weaker structure, which we rst motivate. Let A be a conditional upper semi-lattice. Let I1 I2 I 2 Ide (A) be such that I1 I2 I . Then the lub of I1 I2 is given by the following formula: _ I1 _ I2 = fa j a X for some X n I1 I2g: This suggests us to consider the collection of the nite bounded subsets X of A, W and the pairs (X a) with the property a X . It turns out that we actually do not need to be so specic about this structure. It is enough to have a distinguished collection Con of nite subsets over which X ranges, and an \entailment" relation ` consisting of pairs (X a). This view leads us to Scott's notion of information system Sco82], whose axioms we shall discover progressively. Given a partial order A of tokens, a subset Con of nite subsets of A, and a relation ` Con A, we construct a \completion" whose elements are the non-empty subsets x 2 A which satisfy: 1: X n x ) X 2 Con 2: (X n x and X ` a) ) a 2 x: If A is a conditional upper semi-lattice, if Con is the boundedness predicate and X ` a is dened by a W X , then it is easily checked that conditions (1) and (2) together characterise the ideals of A (notice that (1) is weaker than directedness, and (2) is stronger thanSdownward closedness). A directed union $ of elements is an element: ifSX n $, then by directedness X n x for some x 2 $, and (1) and (2) for $ follow from (1) and (2) applied to x. Candidates for the compact elements are the elements of the form X = fa j X ` ag. The sets X are not necessarily nite, but can be considered nitely generated from X . We expect thatX X and that X is an element (which by construction is the smallest containing X ). This is easily proved thanks to the following axioms: (A) (X 2 Con and a 2 X ) ) X ` a (B) X Y 2 Con ) X 2 Con (C) X ` a ) X fag 2 Con (D) (fa1 : : : ang ` a and X ` a1 : : : X ` an) ) X ` a:


253

Axiom (D) is exactly condition (2) for X . As for (1), we check, say, that if a1 a2 2 X , then fa1 a2g 2 Con . First, an easy consequence of (A) and (D) is: (X Y 2 Con and X ` a) ) Y ` a: Applying this to X , X fa1g (which is in Con by (C)) and a2, we obtain X fa1g ` a2, and deduce fa1 a2g 2 Con by (A) and (B). The elements X form a basis: Consider an element x and fX j X xg = fX j X xg. This set is directed, since if X1 X2 x, then X1 X2 x and X1 X2 X1 X2. Its union is x thanks to the following axiom: (E) 8 a 2 A fag 2 Con : We are left to show that X is compact. This follows easily from: X x i X x. Finally, we address bounded completeness. If x1 x2 x, then x1 _ x2 = fa j 9 X x1 x2 X ` ag: Denition 10.2.11 We call information system a structure (A Con `) satisfying the above axioms (A)-(E), and we write D(A Con `) for the set of its elements ordered by inclusion. Theorem 10.2.12 The class of all bounded complete algebraic dcpo's is the class of partial orders which are isomorphic to D(A Con `), for some information system. Proof. We have done most of the work to establish that D(A Con `) is algebraic and bounded complete. Conversely, given D, we take the \intended" interpretation discussed above: A = K(D), X 2 Con i X has an upper bound, W and X ` d i d X . 2 Theorem 10.2.12 is an example of a representation theorem, relating abstract order-theoretic structures (Scott domains) with more concrete ones (information systems). Event structures, concrete data structures, considered in sections 12.3, 14.2, respectively, will provide other examples of representation theorems. Exercise 10.2.13 In our treatment, we have not included the axiomatisation of the minimum element. Show that this can be done by means a special token (which Scott has called ).

Information systems allow for an attractive characterisation of injection-projection pairs, in the line of proposition 3.1.4 and remark 3.1.5. Exercise 10.2.14 Show that, for any two bounded complete algebraic dcpo's D D , there exists an injection-projection pair between D and D i there exist two information systems (A Con `) and (A Con ` ) representing D and D (i.e., such that D, D are isomorphic to D(A Con `), D(A Con ` ), respectively), and such that A A Con = Con \ A `=` \(Con A): 0

0

0

0

0

0

0

0

0

0

0

0

0


254

10.3 Stone Spaces * In this section we focus on algebraicity on the localic side, and prove Stone's theorem. The \algebraic cpo line" (section 10.2) and the \algebraic locale line" will be related when addressing Stone duality for binite domains (section 10.4).

Proposition 10.3.1 Algebraic locales, i.e., locales which viewed as cpo's are algebraic, are spatial.

Proof. Let a 6 b. By theorem 10.1.13, it is enough to nd a Scott-open lter F such that a 2 F and b 62 F . By algebraicity, we can nd a compact d such that d a and d 6 b. Then the lter F =" d is Scott-open and ts. 2

Proposition 10.3.2 1. The ideal completions of sup-semi-lattices are the algebraic complete lattices (i.e., the algebraic cpo's with all lub's). 2. The ideal completions of lattices are the algebraic complete lattices whose compact elements are closed under nite glb's. 3. The ideal completions of distributive lattices are the algebraic locales whose compact elements are closed under nite glb's.

Proof. (1) Let A be an algebraic complete lattice. Then K(A) is a sup- semi-lattice,

since the lub of a nite set of compacts is always compact. Conversely, it is enough to dene binary lub's, since theWexistence of directed and binary lub's implies the existence of all lub's. Dene a _ b = fd _ e j d e 2 K(A) d a and e bg. (2) Obvious. (3) Let X be a distributive lattice. We show that A = Ide (X ) is distributive. We have, for ideals:

I_^ J = fz j 9 a 2 I b 2 J z a ^ bg Ii = fz j 9 i1 : : : in a1 2 I1 : : : an 2 In z a1 _ _ an g : i I 2

2 J ^ (Wi I Ii), then z a ^ (a _ _ an ) for some a 2 J and a 2 Ii :W: : an 2 Ii , hence z (a ^ a ) _ _ (a ^ an ) by distributivity of X , and z 2 i I (J ^ Ii ). 2 Hence, if z

n

1

1

2

1

1

2

Denition 10.3.3 (coherent locale) Locales arising as ideal completions of distributive lattices are called coherent (or spectral). A topological space is called coherent if its topology is coherent.

In particular, coherent topological spaces are compact (the total space is the empty glb).

Proposition 10.3.4 (duality { coherent) The basic duality cuts down to an equivalence between the category of coherent topological spaces and the category of coherent locales.

10.3. STONE SPACES *

255

Proof. Coherent locales are a fortiori algebraic locales, hence they are spatial by proposition 10.3.1. The statement follows (cf. exercise B.6.5).

2

It is then possible to combine the correspondences: coherent spaces

$ coherent locales $

distributive lattices:

However, these correspondences do not extend to dualities of the respective \natural" categories of continous functions, locale morphisms, and DLat op morphisms, where DLat is the category of distributive lattices and lattice morphisms. The reason is that a locale morphism does not map compact elements to compact elements in general. However, this will be true of Stone spaces. As for coprime algebraic locales, the points of a coherent locale enjoy a simple characterisation.

Lemma 10.3.5 Let A be a coherent locale. Then the points of A are in one-to-one correspondence with the coprime lters over K(A):

Spec (K(A)) = Pt (A):

Proof. The inverse mappings are: G 7!" G and F 7! fx 2 F j x compactg. We check only that " G is coprime. Let x _ y 2" G. Let g 2 G be such that g x _ y . Since G is completely coprime, we may assume that g is compact. Since A is an algebraic lattice, we can write

_

fd j d xg) _ (_fe j e xg) = _fd _ e j d x e xg: By compactness, g d _ e, for some d e 2 K(A). Hence d _ e 2 G, and we have d 2 G or e 2 G, since G is prime, implying x 2" G or y 2" G. 2 x_y = (

Remark 10.3.6 The following table should help to compare lemmas 10.2.5 and 10.3.5:

F (C (A)) = Pt (A) Spec (K(A)) = Pt (A)

lter lower set completion prime lter ideal completion :

We move on to Stone spaces. There are several equivalent denitions of Stone spaces Joh82]. We choose the one which serves to prove the duality.

Denition 10.3.7 (Stone space) A Stone space is a T2-space whose topology is coherent.

Proposition 10.3.8 (duality { Stone) The Stone spaces are the topological spaces whose topology is isomorphic to the ideal completion of a Boolean algebra. The three following categories are equivalent: 1. Stone spaces and continuous functions, 2. The category of locales arising as ideal completions of Boolean algebras,


256

3. Boolop , where Bool is the category of Boolean algebras and lattice morphisms, that is, the functions preserving nite glb's and lub's.

Proof. Let (X X ) be a Stone space. We show that K(X ) is Boolean. In compact T2-spaces, compact subsets are closed, and hence the compact subsets are the closed

subsets. Hence the compact open subsets are the closed open subsets, which are closed under set-theoretic complementation. Conversely, let B be a Boolean algebra, and consider two distinct coprime lters G1 G2 of B . Combining proposition 10.1.8 and lemma 10.3.5, the opens of Pt (Ide (B )) are the sets Ub = fG j b 2" Gg. We look for b1 b2 in B such that G1 2 Ub1 , G2 2 Ub2 and Ub1 \ Ub2 = . G1 2 Ub1 , G2 2 Ub2 : Since G1 6= G2, we can pick, say, b1 2 G1nG2. We have, setting b2 = :b1: b1 _ b2 = 1 ) b1 _ b2 2 G2 (G2 lter) ) b1 2 G2 or b2 2 G2 (coprimeness) ) b2 2 G2 (b1 62 G2) : A fortiori, b1 2 G1 b2 2 G2 imply G1 2 Ub1 , G2 2 Ub2 . Ub1 \ Ub2 = : Suppose not, and let G be such that b1 2" G and b2 2" G. We have:

b1 ^ b2 = 0

) 0 2" G (" G is a lter) ) 0 2 G (denition of " G) ) G = B (G lter) :

But G = B contradicts the primeness of G. The categories (1) and (2) are equivalent by restriction of the basic duality. The equivalence between categories (2) and (3) follows from the following claim: the morphisms of category (2) map compact elements to compact elements. The claim is proved easily by taking advantage of spatiality and of the duality (1)/(2). We have seen that the compact opens are the closed opens. The claim then follows from the observation that for any continuous function f in Top, f 1 maps closed subsets to closed subsets. ;

2

10.4 Stone Duality for Binite Domains * In order to relate propositions 10.2.6 and 10.3.4, we have to understand under which conditions the Scott topology of an algebraic dcpo is coherent.

Proposition 10.4.1 An algebraic dcpo D is coherent as a topological space i it has

a minimum element and its basis satis es property M (cf. de nition 5.2.6).

Proof. Recall from the proof of proposition 10.2.6 that the compact coprimes of the

Scott topology of D are the " d's (d 2 K(D)). Therefore, the compacts of are the nite unions " d1 " dm . M ) coherent: We have to check that the compacts of are closed under nite intersections. For the empty intersection, take " ?. For the binary intersection, observe

10.4. STONE DUALITY FOR BIFINITE DOMAINS *

257

that (" d1 " dm ) \ (" e1 " en ) is a union of sets " di \ " ej , which can be written as " di\ " ej = UB (di ej ) = " x1 " xp (where MUB (di ej ) = fx1 : : : xpg) :

) M : Let Y = fy : : : yq g be a nite subset of K(D). Then UB (Y ) = " y \ \ " yq = " x " xp (for some x : : : xp by coherence) :

coherent

1

1

1

1

2

Denition 10.4.2 (coherent algebraising) A coherent locale is called coherent algebraising 2 if it coprime algebraic.

Thus \coherent algebraising" means \coherent + coprime algebraic". The following proposition provides an alternative denition of coherent algebraising locale.

Proposition 10.4.3 A bounded complete algebraic cpo D is coprime algebraic i it satis es the following decomposition property:

every compact d 6= ? is a nite lub of compact coprimes:

Proof. ()) Let d be compact, and let X = fe d j e compact coprimeg. We have: d = WX (by coprime algebraicity)

d e1 _ _ en for some e1 : : : en 2 X (by bounded completeness and algebraicity) : Hence d = e1 _ _ en . (() Putting together the algebraicity and the decomposition property, we have for any x 2 D: x = W Wfd x j d compactg = Wfe1 _ _ en j e1 : : : en compact coprime and e1 _ _ en xg = fe x j e compact coprimeg :

2

Proposition 10.4.4 (duality { algebraic + M ) The basic domain duality cuts down to an equivalence between the category of algebraic cpo's whose basis satis es M and the category of coherent algebraising locales. Proof. The statement follows from proposition 10.4.1: we apply lemma 10.2.7 with \has a minimum element and the basis satises M " for (S ), and \coherent" for (L). 2

The following lemma indicates the way to axiomatise binite domains logically. A more standard terminology for this is \coherent algebraic". We prefer to use \algebraising", to stress that one refers to the algebraicity of the Stone dual cpo, rather than to the algebraicity of the locale (which is also relevant and is part of the denition of \coherent"). 2


258

Lemma 10.4.5 Let D be an algebraic cpo. The following properties hold: T (" x) = S (" y)). 1. K(D) satis es M i (8 X K(D) 9 Y K(D) n

2. D is bi nite i

n

x X

y Y

2

2

8 X n K(D) 9 Y n K(D) T X Y and (8 Z Y 9 Z Y x Z (" x) = Sy Z (" y )) : Proof. (1) follows from the following claim, for X n K(D): 9 Y n K(D) \ (" x) = (" y) , MUB (X ) Y and MUB (X ) is complete: 1

x X

2

2

1

2

2

y Y

2

2

()) It is easy to check that MUB (X ) is the set of minimal elements of Y . (() Take Y = MUB (X ). (2) By the claim, the equivalence can be rephrased as: D is binite i

8 X n K(D) 9 Y n K(D) X Y and (8 Z Y MUB (Z ) Y and MUB (Z ) is complete) : and by denition, D binite means: 8 X n K(D) U (X ) is nite. ()) Take Y = U (X ). (() By induction on n, we obtain U n (X ) Y for all n, and since Y is nite the sequence fU n (X )gn becomes stationary. 2 1

1

0

Proposition 10.4.6 (duality { binite) The basic domain duality cuts down to an

equivalence between the category of bi nite cpo's and the category of coherent algebraising locales A satisfying the following property:

(^ _ ;clos )

(

8 X n C (A) 9 Y n C (A) V W X Y and (8 Z Y 9 Z Y Z = Z ) : 1

1

Proof. The statement follows from lemma 10.4.5: we apply lemma 10.2.7 with \binite" for (S ), and the property of the statement as (L).

2

In gure 10.1, we summarise the dualities for domains that we have proved in this chapter.

10.5 Scott Domains in Logical Form * We present domains via their compact open sets, constructed as (equivalence classes of) formulas. Abramsky has called this \domains in logical form". As a rst step in this direction, we show how to present the compact opens of D ! E in terms of the compact opens of D and E . When we write D, we mean the Scott topology on D.

10.5. SCOTT DOMAINS IN LOGICAL FORM *

sober spaces / spatial locales

259

algebraic dcpo's / coprime algebraic locales coherent spaces / coherent locales algebraic cpo's whose basis satises M / coherent algebraising locales

binite cpo's / coherent algebraising locales satisfying (^ _ ;clos ) (

Scott domains /

coprime algebraic locales where compact coprimes form a conditional lower semi-lattice

with: coprime algebraic = lower set completion of a partial order coherent = ideal ( completion of a distributive lattice algebraic + = closure of compacts under nite glb's

(

ideal completion of a distributive lattice + every compact is a nite lub of compact coprimes ( coprime algebraic + = closure of compacts under nite glb's

coherent algebraising =

coprime algebraic + compact coprimes form a conditional lower semi-lattice

)

=

(

coherent algebraising + glb's of compact coprimes are coprime or ?

Figure 10.1: Summary of dualities


260

Proposition 10.5.1 If D and E are algebraic cpo's such that D ! E is algebraic and its basis satis es M , then:

1. For any U 2 K(D) and V

2 K(E ), the following set is compact: U ! V = ff : D ! E j f (U ) V g:

2. Any compact open of D ! E is a nite union of nite intersections of such sets U ! V , where U V are moreover coprime.

Proof. (1) Let U =" d1 " dm and V =" e1 en . The denition of U ! V can be reformulated as

U ! V = ff : D ! E j 8 i 9 j f (di ) ej g \ = ( (" (di ! ej ))) : i j

S

Each " (di ! ej ) is compact, therefore each j (" (di ! ej )) is compact the conclusion follows by propositions 10.4.1 and 10.3.2.

(2) The compact opens of D ! E are the subsets of the form " f 1 " f p where each f i is compact, hence is of the form (d1 ! e1 ) _ _ (dq ! eq ), that is:

" f i =" (d ! e ) \ \ (dq ! eq ): Then the conclusion follows from the observation that " d !" e =" (d ! e), for any 1

1

2

compact d e.

A second step consists in constructing a logical theory based on these sets U ! V , now considered as (atomic) formulas. We seek a complete theory in the sense that if two dierent formulas u v present two opens u] v ] such that u] v ] , then u v is provable.

Proposition 10.5.2 Let D E be Scott domains. Then the set of compact opens of

D ! E is order-isomorphic to the partial order associated to a preorder " de ned as follows. The elements of " are formulas de ned by:

U 2 K(D) V 2 K(E ) U !V 2"

8 i 2 IVui 2 " (I nite) 8 i 2 IWui 2 " (I nite) i I ui 2 " i I ui 2 " 2

2

and the preorder is the least preorder closed under the following rules (where = stands for the equivalence associated with the preorder):

10.5. SCOTT DOMAINS IN LOGICAL FORM * uv vw uw

uu

8 i 2 I Wui v

u ^ (v _ w) (u ^ v ) _ (u ^ w)

(I nite)

ui Wi I ui

8 i 2 I u Vvi (I nite) u i I vi U U V V U !V U !V

V v v i i I i

i I ui 2

v

2

2

2

0

U ! (Ti I Vi ) = Vi I (U ! Vi)

0

2

0

S

261

V

U coprime S U ! ( i I Vi ) = Wi I (U ! Vi)

( i I Ui ) ! V = i I (Ui ! V ) 2

2

2

2

2

Proof. Proposition 10.5.1 gives us a surjection ] from " to D ! E (interpreting

^ _ as \ ). The soundness of the rules dening the preorder is easy to check, and implies that the surjection is monotonic. All what we have to do is to prove completeness: if u] v ] , then u v is provable. By propositionV 10.5.1, each formula u is provably equal to a nite disjunction of formulas of the form i I (Ui ! Vi), with the Ui 's and the Vi's coprime. We know from proposition 10.2.10 that Vi I (Ui ! Vi)]] = Ti I (Ui ! Vi) is either coprime or . The proof goes through two claims. Claim 1. WIf the Ui's and Vi's are coprime and Ti I (Ui ! Vi) = , then Vi I (Ui ! Vi ) = 0 (= ) is provable. Since UV i Vi are coprime, we can write Ui =" di , Vi =" ei , and Ui ! Vi =" (di ! ei ). Therefore, i I (Ui ! Vi ) = 6 i fdi ! ei j i 2 I g has an upper bound i fdi ! ei j i 2 I g has a lub i 8 J I fdj j j 2 J g has an upper bound ) fej j j 2 J g has an upper bound: T T Hence i I (Ui ! Vi) = iTthere exists J I such that j J Uj (hence is coprime, by proposition 10.2.10) and j J Vj = . Now the subclaim is proved as follows: ^ ^ ^ \ \ \ (Ui ! Vi ) (Uj ! Vj ) (( Uj ) ! Vj ) = ( Uj ) ! ( Vj ): 2

2

2

2

2

2

2

2

2

i I

j J

2

j J j J

2

2

j J

2

j J

2

2

T S T The last formula can be written ( j J Uj ) ! ( ), and since j J Uj is coprime, we have \ \ _ 2

(

j J

2

Uj ) ! (

j J

2

Vj ) =

V

2

:

T

By the subclaim, we can eliminate the conjunctions i I (Ui ! Vi ) such that i I (Ui ! Vi ) = . Call u v the resulting u = u1 __ um = u and v = v1 __ vn = v. Then we can write u1] =" f1 : : : um] =" fm v1] =" g1 : : : vn ] =" gn 0

0

0

0

0

0

0

0

0

2

0

0

0

2


262 and

u] v ]

, u ] v ] , 8 p " fp v ] , 8 p fp 2 v ] , 8 p 9 q fp gq , 8 p 9 q up] vq ] 0

0

0

0

0

which brings us to the following second claim.

0

V

If u v both have the form i I (Ui ! Vi ), with the Ui 's and Vi's coprime, if u] v ] , and if u ] v ] are coprime, then u v is provable. V By the denition of , we can assume that v is reduced to one conjunct: v = U ! V =" (d ! e). Then, setting Ui =" di and Vi =" ei for all i, the assumption u] v ] W reads as d ! e i I (di ! ei ), or, equivalently:

Claim 2 (coprime completeness).

2

0

_

e ( (di ! ei ))(d) = i I 2

T

2

0

_

fej j dj dg: T

Setting J = fj j dj dg, we have: U j J Uj and j J Vj V . Then

^

i I

(Ui ! Vi ) (

2

\

j J

2

Uj ) ! (

2

\

j J

2

Vj ) U ! V:

2

We now complete the proof of the completeness claim: u] v ] , 8 p 9Wq up ] vq ] W , u = k=1 ::: m uk l=1 ::: n ul = v 0

0

0

0

0

, 8 p 9 q up vq ) u=u v =v: 0

0

0

0

0

2

The last step consists in further \syntaxizing" domains, by dening a language of formulas, not only for K((D ! E )), but also for K(D), K(E ), and more generally for all types. Since the axioms used to describe K((D ! E )) involve coprimeness at the lower types, the coprimeness predicate has to be axiomatised as well.

Denition 10.5.3 Let f1 : : : ng be a xed collection of basic types, and let D1,: : :,Dn be xed Scott domains associated with 1 : : : n. Consider: The following collection of types:

::= i (i = 1 : : : n) j ! :

The system V =formal W for deriving typed formulas given in gure 10.2. 1 and = 0. The formal system for deriving two kinds of judgements u v (with u = v standing for : (u v and v u)) C (u) (\u is coprime")

given in gure 10.3.

We write

10.5. SCOTT DOMAINS IN LOGICAL FORM *

U 2 K(Di) U 2 "(i)

8 i 2 I Vui 2 "() (I nite) i I ui 2 "( ) 2

263

u 2 "() v 2 "( ) u ! v 2 "( ! )

8 i 2 I Wui 2 "() (I nite) i I ui 2 "( ) 2

Figure 10.2: Domain logic: formulas

uv vw uw

uu

8 i 2 I Wui v i I ui 2

u ^ (v _ w) (u ^ v ) _ (u ^ w) ui Wi I ui

(I nite)

v

2

V v v 8 i 2 I u Vvi (I nite) i i I i u i I vi u u vv U V 2 K(Di) U V U V u !v u!v u ! (Vi I vi ) = Vi I (u ! vi ) (Wi I ui) ! v = Vi I (ui ! v ) 2

2

0

0

0

2

2

C (1)

0

2

2

C (u) u ! (Wi I vi) = Wi I (u ! vi ) 2

2

U 2 K(Di) U coprime C (u) u = v C (U ) C (v) V 8 i 2 I C (ui) and C (vi) 8 J I ( j J vj = 0 ) Vj J uj = 0) (C ! Scott ) C (Vi I (ui ! vi )) 2

2

2

Figure 10.3: Domain Logic: entailment and coprimeness judgments


264 x:u2; ;`x:u

;`M :u ; uv `M :v

8 i 2 I ; fx :Wuig ` M : v (I nite) ; fx : i I ui g ` M : v

8 i 2 I ; ` M :Vui (I nite) ; ` M : i I ui

; fx : ug ` M : v ; ` x:M : u ! v

;`M :u!v ;`N :u ; ` MN : v 2

2

Figure 10.4: Domain logic: typing judgments

UV] = UT i I ui ] = i I ui ] 2

2

uW ! v ] = Su] ! v ] i I ui ] = i I ui ] 2

2

Figure 10.5: Semantics of formulas

The \type" system whose judgements have the form ; ` M : u, where M is a term and ; is a set consisting of distinct pairs x : v , given in gure 10.4. All the free variables of M are declared in ;, and ; means: = fx : u : : : xn : un g, ; = fx : v : : : xn : vn g, and ui vi for all i. 1

1

1

1

The denotational semantics of types and of simply typed -terms are de ned as in chapter 4: ! ] = ] ! ] etc... The meaning of the formulas of "( ), for all , is given in gure 10.5. Validity of the three kinds of judgements is de ned in gure 10.6.

Theorem 10.5.4 The following properties hold:

x1

j= u v j= C (u) : u : : : xn : un j= M : u 1

i i i

u] v ] u] is coprime 8 ((8 i (xi) 2 ui] ) ) M ] 2 u] )

Figure 10.6: Semantics of judgments

10.6. BIFINITE DOMAINS IN LOGICAL FORM *

265

1 : u v is provable i j= u v 2 : C (u) is provable i j= C (u) 3 : ; ` M : u i ; j= M : u

Proof hint. (1) and (2) have been already proved in substance in proposition 10.5.2. (3) is proved via a coprime completeness claim (cf. proposition 10.5.2). For an u such that u] is coprime, i.e., u] =" d for some compact d, M ] 2 u] reads d M ] . Then the coprime completeness claim follows from the following almost obvious equivalences:

d MN ] i 9 e (d ! e) M ] and e N ] by continuity (d ! e) x:M ] i e M ] d=x] by denition of d ! e :

2

10.6 Binite Domains in Logical Form * We sketch how the logical treatment just given for Scott domains can be adapted to binite cpo's.

Denition 10.6.1 (Gunter joinable) A nite subset Gunter joinable if

K(D) K(E ) is called

8 d 2 K(D) f(d e) 2 j d d g has a maximum in : Any Gunter joinable set induces a function G ( ) de ned by G ( )(x) = maxfe j 9 d (d e) 2 and d xg: 0

0

Lemma 10.6.2 If , are Gunter joinable, then: W 1 : G ( ) = fd ! e j (d e) 2 g 0

2 : d ! e G ( ) , 9 d e (d d e e and (d e) 2 ) 3 : G ( ) G ( ) , 8 (d e ) 2 9 d e d d e e and (d e) 2 0

0

0

0

0

0

0

0

0

0

Proof. (1) follows from the following remark: by denition of G ( ), if G ( ) 6= ?, then G ( )(x) = (d ! e)(x) for some (d e) 2 . (2) First recall that d ! e G ( ) can be reformulated as e 0

(() Then d

0

0

G ( )(d ). 0

! e d ! e, and a fortiori d ! e G ( ). ()) By denition of G ( ), G ( )(d ) = e for some (d e) 2 with d d . 0

0

0

0

(3) is an obvious consequence of (2).

0

0

2

Proposition 10.6.3 If D E are bi nite, then K(D ! E ) = fG ( ) j is Gunter joinableg.


266

Proof. Clearly, each G ( ), as a nite lub of step functions, is compact. Conversely,

we know from proposition 5.2.4 that the compact elements of D ! E have the form r(f ), where f : D ! E is a continuous function, and r is a nite projection dened from two nite projections p : D ! D and q : E ! E by r(f )(x) = q (f (p(x))). We have to nd a such that r(f ) = G ( ). We claim that the following does the job: = f(p(y ) q(f (p(y )))) j y 2 Dg:

is nite: by the niteness of the ranges of p q. is Gunter joinable: Let x 2 D. We claim: p(x) = maxfp(y) j y 2 D and p(y ) xg: Then obviously (p(x) q (f (p(x)))) is the maximum of f(d e) 2 j d xg. r(f ) = G ( ): We have: r(f (x)) = q (f (p(x))) by denition of r G ( )(x) = q(f (p(x))) by denition of G ( ) :

2

The following equivalent formulation of Gunter joinable subsets is due to Abramsky, and is more easy to capture in logical form. Proposition 10.6.4 Let f(di ei) j i 2 I g K(D) K(E ) be nite. Then f(di ei) j i 2 I g is Gunter joinable i 8 J I 9 K I MUB (fdj j j 2 J g) = fdk j k 2 K g and 8 j 2 J k 2 K ej ek : Proof. ()) Let m 2 MUB (fdj j j 2 J g), and let (dk ek ) = maxf(di ei) j di mg. We claim: m = dk . Since dk m by denition, it is enough to show that dk 2 UB (fdj j j 2 J g), which follows from the obvious inclusion fdj j j 2 J g f(di ei ) j di mg. This inclusion also implies 8 j 2 J ej ek . (() Let d 2 K(D), J = fj j dj dg, and let K be as in the statement. By property M there exists k 2 K such that d dk . But then k 2 J by denition of J , and since dk is both an upper bound and an element of fdj j j 2 J g, it is a maximum of this set. Moreover, since ej ek , for all j 2 J , we have that (dk ek ) is the desired maximum.2 Exercise 10.6.5 (*) Show that the statement of theorem 10.5.4 remains true after the following two changes in de nition 10.5.3: (1) D1 : : : Dn are now xed bi nite cpo's. (2) Axiom (C ! Scott ) of de nition 10.5.3 is replaced by the following axiom: 8 i 2 I C (ui) and C (vi) 8 J I 9 K I Vj J uj = Wk K uk and 8 j 2 J k 2 K vj vk (C ! bi nite ) C (V (u ! v )) 2

2

i I i 2

i

Hints: The principal diculty is to make sure that any u can be written as a disjunction V of formulas of the form i I (ui ! vi ) where the ui 's and the vi 's satisfy the conditions of rule (C ! bi nite ). Remove faulty disjunctions and replace them by disjunctions of conjunctions. Design a terminating strategy for this. 2

Chapter 11 Dependent and Second Order Types The main goal of this chapter is to introduce -calculi with dependent and second order types, to discuss their interpretation in the framework of traditional domain theory (chapter 15 will mention another approach based on realizability), and to present some of their relevant syntactic properties. Calculi with dependent and second order types are rather complex syntactic objects. In order to master some of their complexity let us start with a discussion from a semantic viewpoint. Let T be a category whose objects are regarded as types. The category T contains atomic types like the singleton type 1, the type nat representing natural numbers, and the type bool representing boolean values. The collection T is also closed with respect to certain data type constructions. For example, if A and B are types then we can form new types such as a product type A B , a sum type A + B , and an exponent type A ! B . In rst approximation, a dependent type is a family of types indexed over another type A. We represent such family as a transformation F from A into the collection of types T, say F : A ! T. As an example of dependent type we can think of a family Prod :bool : nat ! T that given a number n returns the type bool bool (n times). If the family F is indexed over the collection of all types T, say F : T ! T, then we are in the realm of second order types. As an example of a second order type we can think of a family Fun : T ! T that given a type A returns the type A ! A of functions over A. If types, and the collection of types T, can be seen as categories then we can think of dependent and second order types as functors. Let us warn the reader that in this preliminary discussion we are considering a simplied situation. In general we want to combine dependent and second order types. For example, we may consider the family Poly:Prod : T nat ! T that takes a type A, a number n, and returns the type A A (n times). Probably the most familiar examples of dependent and second-order types 267

268

CHAPTER 11. DEPENDENT AND SECOND ORDER TYPES

arise in logic. If (x) is a formula depending on the variable x then we can think of (x) as a family of propositions indexed over the universe of terms U , say : U ! Prop. This is a dependent type. On the other hand, if we consider a formula (X ), parametric in a formula variable X then we can think of (X ) as a family of propositions indexed over the universe of propositions, say : Prop ! Prop. This is a a second order type. If we allow quantications over variables we can form the formulas 8x:, and 9x:. This is the realm of rst-order logic. If moreover we allow quantications over formula variables we can form the formulas 8X:, and 9X:, and we are in the realm of second order logic. Dependent types also appear in several type systems (or generalized logics) such as DeBruijn's Automath dB80], Martin-Lof's Type Theory ML84], and Edinburgh LF HHP93]. Second order types appear in a rather pure form in Girard's system F Gir72] (which is equivalent to a system of natural deduction for minimal, implicative, propositional second order logic), they also appear, for instance, in the Calculus of Constructions CH88] but there they are combined with dependent types and more. Let us now look at the interpretation. Given a family A : U ! Prop we can obtain two new propositions 8U A, and 9U A where we understand 8U as a meet or a product, and 9U as a join or a sum. In general, given a family of types F : I ! T indexed over a category I we are interested in building two new types that we may denote, respectively, with *IF and 'IF , and that correspond, respectively, to the product and the sum of the family F . Relying on this informal discussion, we can summarize the contents of this chapter as follows. The main problem considered in section 11.1 is to provide a concrete domain-theoretical interpretation of the constructions sketched above. In particular, we build a category of domains that is \closed" under (certain) indexed products, and (certain) indexed sums. The rst simple idea is to interpret types as domains of a given category C, and the collection of types as the related category Cip of injection-projection pairs. What is then a dependent type F indexed over some domain D? Since every preorder can be seen as a category, it is natural to ask that F is a functor from D to Cip. Analogously a second order type will be seen as an endo-functor over Cip. However this will not su#ce, for instance we will need that the family F preserves directed colimits, namely it is cocontinuous. In section 11.2 we provide a syntactic formalization of the semantic ideas sketched above. To this end we introduce a calculus of dependent and second order types and discuss some of its basic properties. We call this calculus P 2calculus, following a classication proposed in Bar91a] (the \P " stands for positive logic and the \2" for second order). We also briey discuss an interpretation of the P 2-calculus which relies on the domain-theoretical constructions introduced in section 11.1. The interpretation is presented in a set-theoretical

11.1. DOMAIN-THEORETICAL CONSTRUCTIONS

269

notation, a general categorical treatment would require an amount of categorytheoretical background that goes beyond our goals. In this respect let us mention AL91] which contains a rather complete analysis of the categorical structure needed to interpret second order types from the viewpoint of indexed category theory and internal category theory. Several approaches to the categorical semantics of dependent types have been considered, we refer to JMS91] for an account based on brations. In section 11.3 we describe another interpretation of type theories based on the idea that types denote retractions. In this respect we take two dierent but related approaches. First, we further develop the properties of the domain of nitary projections studied in section 7.4. In particular we show how to represent dependent and second order types in this structure. It turns out that certain \size problems" encountered in the domain constructions described in section 11.1 can be avoided in this context. Second, we present an extension of the -calculus called p-calculus in which \p" is a constant that denotes the retraction of all retractions. We dene a simple, adequate translation of the P 2-calculus in the p-calculus. The P 2-calculus can be seen as the combination of two systems of independent interest: the system LF of dependent types and the system F of second order types. We reserve the sections 11.4 and 11.5 to a careful presentation of the syntactic properties of these two systems the main result being that both systems enjoy the strong normalization property (this property is enjoyed by the P 2-calculus as well and can be proved by combining the techniques for system F and system LF). We also discuss two interesting applications that illustrate the expressive power of these systems: (1) The system LF has been proposed as a tool for the encoding of certain recurring aspects of logical systems such as -conversion and substitution. We illustrate this principle by presenting an adequate and faithful representation of rst-order classical logic in LF. (2) The system F can represent a large variety of inductively dened structures and functions dened on them by iteration.

11.1 Domain-Theoretical Constructions

In set theory we may represent a family of sets as a function F : X ! Set. More precisely, we consider a graph given as f(x Fx)gx X . In this way we do not have to speak about the class of sets. We formulate some basic constructions that will be suitably abstracted in the sequel. In the rst place we can build the (disjoint) sum of the sets in the family as: 'X F = f(x y) j x 2 X and y 2 Fxg : Observe that there is a projection morphism p : 'X F ! X that is dened as p(x y) = x. On the other hand we can build a product of the sets in the family 2

270 as:

CHAPTER 11. DEPENDENT AND SECOND ORDER TYPES * X F = ff : X !

x X

Fx j 8x 2 X (fx 2 Fx)g :

2

There is another way to write *X F using the notion of section of the projection morphism p : 'X F ! X (the weakness of this method is that it requires the existence of 'X F ). A section is a morphism s : X ! 'X F such that p s = idX , in other words for any x 2 X the section s picks up an element in Fx. It is then clear that the collection of sections of p is in bijective correspondence with *X F . Exercise 11.1.1 Verify that the de nitions of X F and X F can be completed so to obtain sum and product of the objects in the family in the category of sets.

Exercise 11.1.2 Suppose that the family F : X ! Set is constant, say F (x) = Y for each x in X . Then verify that X F

= X Y , and X F

=X !Y.

Exercise 11.1.3 Show that every small category with arbitrary products is a poset (this is an observation of Freyd). Hint: We recall that a category is small if the collection of its morphisms is a set. Given two distinct morphisms f g : a ! b in the small complete category C consider I b. The cardinality of Ca I b] exceeds that of MorC when I is big enough.

Remark 11.1.4 Observe that in the denition of 'X F and *X F it is important

that X is a set, so that the graph of F is again a set, and so are 'X F and *X F . This observation preludes to the problem we will nd when dealing with second order types. In the interpretation suggested above neither the graph of a family F : Set ! Set nor 'SetF and *SetF turn out to be sets!

In the following we generalize the ideas sketched above to a categorical setting. Given a family F as a functor F : X ! Cat, the category 'X F provides the interpretation of the sum. On the other hand, the product is represented by the category of sections, say *X F , of the bration p : 'X F ! X that projects 'X F onto X. A section s of p is a functor s : X ! 'XF such that p s = idX.

Dependent types in Cat. Let F : X ! Cat be a functor where X is a small category, we dene the categories 'X F *XF , and the functor p : 'XF ! X as follows:

'X F = f(x y) j x 2 X y 2 Fxg 'X F (x y) (x y )] = f(f ) j f : x ! x : F (f )(y) ! y g id(x y) = (idx idy ) (g ) (f ) = (g f (Fg)()) The category 'X F is often called the Grothendieck category. The functor p : 'X F ! X is dened as: p(x y) = x p(f ) = f : 0

0

0

0


271

The category *XF is dened as: *XF = fs : X ! 'X F j p s = idXg *XF s s ] = f : s ! s j is a cartesian natural transformationg 0

0

where a cartesian natural transformation : s ! s is a natural transformation determined by a family f(idx x)gx X with s(x) = (x y), s (x) = (x z), and x : y ! z (so the rst component of the transformation is constrained to be the identity). Observe that for a section s we have s(x) = (x y), for all x 2 X, and s(f ) = (f ), for all f 2 MorX . 0

0

2

The next issue concerns the specialization of these denitions to the categories of cpo's and Scott domains. The problem is to determine suitable continuity conditions so that the constructions of sum and product return a \domain", say an algebraic cpo's. It turns out that everything works smoothly for dependent types. On the other hand second order types give some problems. (1) The sum of a second order type is not in general a domain. (2) The product of a second order type is only equivalent, as a category, to a domain. (3) Binite domains are not closed under the product construction (this motivates our shift towards Scott domains).

Dependent types in Cpo. We rene the construction above to the case where F : D ! Cpoip is a functor, D is a cpo, and Cpoip is the category of cpo's and injection-projection pairs. In other terms X becomes a poset category D and the codomain of the functor is Cpoip. By convention, if d d in D then we also denote with d d the unique morphism from d to d in the poset category D. If f : D ! E is a morphism in Cpoip then we denote with f + the injection and 0

0

0

with f the projection. ;

Proposition 11.1.5 (dependent sum in Cpoip) Let D be a cpo and F : D ! ip Cpo be a functor, then the following is a cpo: 'D F = f(d e) j d 2 D e 2 Fdg ordered by (d e) (d e ) i d D d and F (d d )+(e) F (d0) e : Proof. By proposition 3.1.3, the category Cpoip is the same as the category where a morphism is the injection component of an injection-projection pair. The latter is a subcategory of Cat. It is immediate to verify that ('D F ) is a poset with least element (?D ?F ( D )). Next let X = f(di ei)gi I be directed in 'D F . Set for d = Wi I di : _ _ X = (d F (di d)+ (ei)) : 0

0

0

0

0

?

2

2

i I 2


272

We claim that this is well dened and the lub of X in 'D F . fF (di d)+ (ei)gi I is directed. Since X is directed: 8i j 9k(di dk dj dk F (di dk )+(ei) ek F (dj dk )+ (ej ) ek ) : Hence F (di d)+(ei) = F (dk d)+ F (di dk )+(ei) F (dk d)+(ek ), and similarly for j . W X is an upper bound for X : immediate, by denition. W X is the lub. If (d e ) is an upper bound for X then it is clear that d d . Next we observe: F (d d )+(Wi I F (di d)+ (ei)) = WWi I F (d d )+ (F (di d)+ (ei)) = i I (F (di d )+(ei)) e : 2

0

0

0

0

0

2

2

0

0

2

2

Exercise 11.1.6 Verify that the de nition of D F is an instance of the de nition in Cat. ip ) Let D be a cpo and F : Proposition 11.1.7 (dependent product in Cpo D ! Cpoip be a functor, then the following is a cpo with the pointwise order induced by the space D ! 'D F : *DF ] = fs : D ! 'D F j s continuous p s = idD g : Proof. First we observe that p : 'D F !WD is continuous as for any f(di ei)gi I directed set in 'D F we have, taking d = i I di : p(Wi I (di ei)) = pW(Wi I di WWi I F (di d)+ (ei)) = i I di = i I p(di ei) : We can also dene a least section as s(d) = (d ?F (d)). Next we remark that for any directed set fsigi I in *DF ] we have, for any d 2 D: _ _ _ p ( si)(d) = p( si(d)) = p(si(d)) = d : 2

2

2

2

2

2 2

2

i I

i I

2

i I

2

2

Hence the lub of a directed set of sections exists and it is the same as the lub in D ! 'D F . 2 We given an equivalent denition of continuous section. DenitionS11.1.8 Let D be a cpo and F : D ! Cpoip be a functor. Consider f : D ! d D Fd such that fd 2 Fd, for each d 2 D. We say that f is cocontinuous if F (d d )+(fd) fd , and for any fdi gi I directed in D, such W that i I di = d, _ f (d) = F (di d)+ (f (di)) : 2

0

0

2

i I 2

2


273

Clearly *DF ] is isomorphic to:

ff : D ! Sd D Fd j 8d (fd 2 Fd) and f is cocontinuousg ordered by f g i 8d 2 D (fd Fd gd) : 2

Exercise 11.1.9 Verify that the de nition of D F ] in Cpoip corresponds to select a

full subcategory of cocontinuous sections out of the general construction described for Cat.

Dependent types in Scott domains. We denote with S (S for Scott) the cat-

egory of algebraic, bounded complete, cpo's (Scott domains for short, cf. chapter 1). The following hypotheses su#ce to guarantee that the constructions dened above return Scott domains: The domain of the family is a Scott domain. The codomain of the family is the category Sip of Scott domains and injectionprojection pairs. Less obviously, the functor F is cocontinuous in a sense which we dene next.

Denition 11.1.10 (directed colimits) A directed diagram is a diagram in-

dexed over a directed set. We say that a category has directed colimits if it has colimits of directed diagrams. We say that a functor is cocontinuous if it preserves colimits of directed diagrams.

Applying the theory developed in section 7.1 it is easy to derive the following properties.

Proposition 11.1.11 (1) The category Sip has directed colimits. (2) Given a Scott domain D and a functor F : D ! Sip, F is cocontinuous i W for any fdi gi I directed in D such that i I di = d, _ F (di d)+ F (di d) = idF (D) : 2

2

;

i I 2

(3) A functor F : Sip ! Sip is cocontinuous i for any Scott domain D and any directed set fpigi I of projections over D, 2

_

i I

pi = idD )

2

_

i I

F (pi) = idF (d) :

2

Proposition 11.1.12 (dependent sum and product in Scott domains) Let D be a Scott domain and F : D ! Sip be a cocontinuous functor, then the cpo's 'D F and *DF ] are Scott domains.


274

Proof. 'D F is bounded complete. Let X = f(di ei)gi I be bounded in 'D F by (d e ). Then: (i) fdigi I is bounded in D by d and therefore 9 Wi I di = d. (ii) Moreover fF (di d)+ (ei)gi I is bounded by F (d d ) (e ) as: F (di d )+ (ei) = F (d d )+ F (di d)+ (ei) e implies F (di d)+ (ei) F (d d ) (e ) : Hence we set e = Wi I F (di d)+ (ei). It is immediate to check that (d e) is the 2

0

0

0

2

2

0

2

0

;

0

0

0

0

;

0

2

lub. 'D F is algebraic. We claim: (1) K('D F ) " f(d e) j d 2 K(D) and e 2 K(F (d))g = K . (2) For any (d e) 2 'D F , # (d e) \ K is directed with lub (d e). Proof of (1): Let dW2 K(D), e 2 K(F (d )), and X =Wf(di ei)gi I be directed in 'D F with d i I di = d, and F (d d)+ (e ) i I F (di d)+ (ei). By hypothesis, d and e are compact. F (d d)+ (e ) is also compact, hence we can nd j such that d dj , F (d d)+ (e ) F (dj d)+ (ej ), that implies F (d dj )+ (e ) ej . That is (d e ) (dj ej ). Hence (d e ) 2 K('D F ). Proof of (2): The set is directed because 'D F is bounded complete. Given (d e) W we consider: (i) fdi gi I K(D) directedW such that i I di = d, and (ii) 8i 2 I fei j gj Ji K(F (di)) directed such that j Ji ei j = F (di d) (e). Then the following equations hold (the last one by cocontinuity of F ): 0

0

0

0

2

0

0

2

0

2

0

0

0

0

0

0

0

0

0

0

0

2

0

2

;

2

2

W

i I j Ji (di eij ) 2

2

= (d WWi I j Ji F (di dW)+ (ei j )) = (d Wi I F (di d)+ ( j Ji ei j )) = (d i I F (di d)+ F (di d) (e)) = (d e) : 2

2

2

2

;

2

*DF ] is bounded complete. Suppose fsigi I is a bounded set in *DFW]. Since bounded completeness is preserved by exponentiation we can compute i I si in W D ! 'D F . It remains to show that p ( i I si) = idD . We observe that for any d 2 D: _ _ _ 2

2

2

p(( si )(d)) = p( si(d)) = i I 2

i I 2

i I

p(si (d)) = d :

2

*DF ] is algebraic. We consider the step sections (cf. lemma 1.4.8) d e] for d 2 K(D), e 2 K(F (d)), dened as: ( F (d x)+(e)) if d x : d e](x) = ((x x ?F (x)) otherwise One can verify that d e] is compact in *D F ]. It remains to observe that for any s 2 *DF ], fd e] j d e] sg determines s. 2


275

Second order types in Scott domains. We look for an interpretation of second order types as domains. Suppose that F : Sip ! Sip is a cocontinuous

functor. Then, as an instance of the general categorical construction, we can form the category 'Sip F . It is easily veried that 'Sip F does not need to be a preorder as there can be several injection-projection pairs between two domains. We therefore concentrate our eorts on products. To this end we spell out the notion of cocontinuous section. Denition 11.1.13 Let F : Sip ! Sip be a cocontinuous functor. A cocontinuous section s is a family fs(D)gD Sip such that: f : D ! E in Sip ) F (f )+(s(D)) s(E ) (11.1) and for any D 2 Sip for any ffi : Di ! Dgi I such that ffi+ fi gi I is directed we have: _ + _ (fi fi ) = idD ) s(D) = (Ffi)+ (s(Di)) (11.2) 2

;

2

2

;

i I

i I

2

2

Let *ipS F ] be the collection of cocontinuous sections with the pointwise partial order: s s i 8D 2 Sip (s(D) s (D)) : The problem with this partial order is that the cocontinuous sections are not sets, hence a fortiori *SipF ] cannot be a Scott domain. However there is a way out of this foundational problem, namely it is possible to build a Scott domain which is order isomorphic to *Sip F ]. To this end we observe that the compact objects (cf. denition 7.3.3) in Sip are the nite bounded complete cpo's, and that there is an enumeration So = fCigi ! up to order-isomorphism of the compact objects. We dene *Sipo F ] as the collection of sections fs(D)gD Sipo such that: 0

0

2

2

s : D ! E in Sipo ) F (f )+(s(D)) s(E ) (11.3) This is the monotonicity condition 11.1 in denition 11.1.13 restricted to the subcategory Sipo (there is no limit condition, as Sipo is made up of compact objects). We observe that *Sipo F ] with the pointwise order is a poset. The following theorem is due to Coq89], after Gir86]. The basic remark is that a cocontinuous section is determined by its behaviour on Sipo. Theorem 11.1.14 (second order product) Let F : Sip ! Sip be a cocontinuous functor then: (1) *Sip F ] is order isomorphic to *Sipo F ], and (2) the poset *Sipo F ] is a Scott-domain. Proof hint. (1) Any cocontinuous section s 2 *Sip F ] determines by restriction a section res (s) 2 *SipoF ]. Vice versa given a section s 2 *SipoF ] we dene its extension ext (s), as follows: _ ext (s)(E ) = f(Ff )+(s(D)) j D 2 Sipo and f : D ! E in Sip g (11.4)


276

The set f(Ff )+(s(D)) j D 2 Sipo and f : D ! E in Sipg is directed. Given f0 : D0 ! E , f1 : D1 ! E we can nd D 2 Sipo and g0 : D0 ! D , g1 : D1 ! D , g : D ! E such that g g0 = f0 and g g1 = f1. The section ext (s) satises condition 11.1 because given g : E ! E we compute: (Fg)+(ext (s)(E )) = (WFg)+(Wf(Ff )+(s(D)) j D 2 Sipo and f : D ! E g) = WfF (g f )+(s(D)) j D 2 Sipo and f : D ! E g fF (h)+(s(D)) j D 2 Sipo and h : D ! E g = (ext (s))(E ) : With reference to condition 11.2 we need to check that: _ ext (s)(D) (Ffi)+ (ext (s)(Di )) 0

0

0

0

0

0

0

i I 2

(the other inequality follows by condition 11.1). According to the denition of ext consider D 2 Sipo and f : D ! D. We can nd j 2 I and h : D ! Dj such that fj h = f . Then: F (f )+(s(D )) = F (fj h)+ (s(D )) = F (fj )+ ((Fh)+(s(D ))) F (fj )+(ext (s(Dj ))) : It is easily checked that res and ext are monotonic. We observe that s(D) = ext (s)(D) if D 2 Sipo . To show consider the identity on D, and to prove use condition 11.1. It follows res (ext (s)) = s. To prove ext (res (s)) = s we compute applying condition 11.2: ext (res (s))(D) = W f(Ff )+((res (s))(D )) j D 2 Sipo and f : D ! Dg W = f(Ff )+(s(D )) j D 2 Sipo and f : D ! Dg = s(D) : (2) The least element is the section f?D gD Sipo . The lub s of a directed set fsigi I is dened as s(D) = Wi I si(D). Bounded completeness is left to the reader. To show algebraicity, we dene for D 2 Sipo and e 2 K(FD) the section: _ D e](D ) = f(Ff )+(e) j f : D ! D in Sipg (11.5) Compact elements are the existing nite lub's of sections with the shape 11.5. 2 Hence, although *SipF ] is not a poset because its elements are classes, it is nevertheless order-isomorphic to a Scott domain *SipoF ]. Figure 11.1 summarizes our results on the closure properties of the ' and * constructions in the categories Cpoip and Sip. Exercise 11.1.15 Consider the identity functor Id : Sip ! Sip. Prove that Sip Id] is the cpo with one element. Hint: let s be a cocontinuous section and D a Scott domain. Then there are two standard embeddings, inl and inr , of D in D + D, where + is the coalesced sum. The condition on sections requires that s(D + D) = inl (s(D)) = inr (s(D)), but this forces s(D) = ?D . 0

0

0

0

0

0

0

0

0

0

0

0

2

2

2

0

0


277

F : D ! Cpoip F functor D cpo

) 'D F *DF ] cpo's F : D ! Sip F cocont. D Scott domain ) 'D F *DF ] Scott domains F : Sip ! Sip F cocont. ) *Sip F ] = *SipoF ] Scott domain Figure 11.1: Dependent and second order types in Cpoip and Sip

Remark 11.1.16 (1) Exercise 11.1.15 hints at the fact that cocontinuous sec-

tions satisfy certain uniformity conditions, namely the choice of the elements has to be invariant with respect to certain embeddings. In practice syntactically denable functors are \very" uniform so we can look for even stronger uniformity conditions in the model. Here is one that arises in the stable case (see chapter 12 and Gir86]) and that leads to a \smaller" interpretation of certain types. Every section s satises the following uniformity condition:

h : D ! E in Sip implies s(D) = (F (h)) (s(E )) ;

(11.6)

This condition implies the standard condition in the continuous case. In the stable case one considers stable injection projection pairs (cf. section 12.4) and the sections s are such that for all D, s(D) is stable. (2) It can be proved that binite domains are not closed with respect to the *Bif F ] construction (see Jun90]). The basic problem arises from the observation that Sipo does not need to satisfy property M (cf. denition 5.2.6).

The following two exercises require the knowledge of stability theory and of coherence spaces (chapters 12 and 13). The rst exercise witnesses the dierence between the stable and the continuous interpretation. The second presents the uniformity condition as a requirement of stability.

Exercise 11.1.17 (1) Show that, in the stable setting just described, the interpretation of 8t:t ! t is (isomorphic to) O. (2) In contrast, show that in the continuous setting

the interpretation of 8t:t ! t is in nite. Hints: For (1), consider a section s. Show that if xe 2 trace (s(E _ ^)), then x feg make use of two injections from E into E e , where e is coherent with all the events of x. Show that x 6= ? with a similar method (e being now incoherent with e). Show that if s is not ? for all D, then s(feg _ ^) = id, and hence s(D) is the identity everywhere. For (2), consider the (non-stable) functions de ned by s(D)(x) = x if x bounds at least n compact elements of D, and s(D)(x) = ? otherwise. 0

0

0


278

Exercise 11.1.18 (Moggi) Let s be a section satisfying the condition in the proof

of theorem 11.1.14 and consisting of stable functions. Show that s satis es the uniformity condition 11.6 i s, viewed as a functor in the Grothendieck category, preserves pullbacks. Hints: (1) Show that f : (D x) ! (D x ) and f : (D x) ! (D x ) form the limit cone of a pullback diagram in the Grothendieck category i x = F (f ) (x ) ^ F (f ) (x ). (2) Show that for any stable injection-projection pair f : D ! D , the pair of f and f forms the limit cone of a pullback diagram. 0

0

0

0

00

;

0

0

;

00

0

11.2 Dependent and Second Order Types We introduce the typing rules of the P 2-calculus, a -calculus with dependent and second order types. We restrict our attention to the introduction and elimination rules for products. The syntactic categories of the P 2-calculus are presented as follows. Variables Contexts Kinds Type Families Objects

v ::= x j y j : : : ; ::= j ; v : j ; v : K K ::= tp j *v : :K ::= v j *v : : j *v : tp: j v : : j M M ::= v j v : :M j v : tp:M j MM j M :

Contexts, type families, and objects generalize the syntactic categories we have already dened in the simply typed case (cf. chapter 4). Kinds form a new syntactic category, which is used to classify type families, so, intuitively, kinds are the \types of types". The basic kind is tp which represents the collection of all types. More complex kinds are built using the * construction and are employed to classify functions from types to the collection of types (type families). The formal system is based on the following judgments. Well formed kind ; ` K : kd Well formed type family ; ` : K Well formed object ;`M : : The formal rules are displayed in gure 11.2. In the following we will use A B : : : as meta-symbols ranging over objects, type families, kinds, and a special constant kd which is introduced here just to have a uniform notation. A well-formed context has always the shape x1 : A1 : : : xn : An where Ai is either a kind or a type (that is a type family of kind tp, but not a function over types). Note that Ai might actually depend on the previous variables. Syntactically this entails that the rule of exchange of premises is not derivable in the system& the order of hypotheses is important. Semantically we remark that a context cannot be simply interpreted as a product. We will see next that the product is replaced by the Grothendieck category (cf. exercise 11.1.2)

11.2. DEPENDENT AND SECOND ORDER TYPES

279

The formation rules for kinds are directly related to those for contexts, indeed we use ; ` tp : kd to state that the context ; is well-formed. One can consider a slightly less synthetic presentation in which one adds a fourth judgment, say ; ` ok , which asserts the well-formation of contexts. We remark that not all premises in the context can be -abstracted. In particular, type families cannot be abstracted with respect to kinds, and objects can be abstracted only with respect to types and the kind tp. By convention we abbreviate *x : A:B with A ! B , whenever x 2= FV (B ). In the P 2-calculus it is not possible to type a closed type family x : : : *x : :tp in such a way that actually depends on x. In the applications (e.g., see section 11.4) we enrich the calculus with constants such as Prod :bool : nat ! tp. Finally, we note that the rules *I and *E for type families and objects follow the same pattern. Kinds and types are assigned to type families and objects, respectively, modulo -conversion (rules (tp:Eq) and (Eq)). Formally, we dene the relation = as the symmetric and transitive closure of a relation of parallel -reduction which is specied in gure 11.3. This is a suitable variation over the notion of parallel -reduction that we have dened in gure 2.5 to prove the conuence of the untyped -calculus. Note that the denition of the reduction relation does not rely on the typability of the terms. Indeed this is not necessary to obtain conuence as stated in the following.

Proposition 11.2.1 (conuence) If A ) A and A ) A then there is B such that A ) B and A ) B . Proof hint. Show that if A ) A and B ) B then AB=x] ) A B =x]. 2 0

0

00

00

0

0

0

0

We state three useful properties of the P 2-calculus. We omit the proofs which go by simple inductions on the length of the proof and the structure of the terms.

Proposition 11.2.2 Type uniqueness: If ; ` A : B and ; ` A : B then 0

B=B. 0

Abstraction typing: If ; ` x : A:A : *x : B:C then ; x : A ` A : C and A = B. Subject reduction: If ; ` A : B and A ) A then ; ` A : B . 0

0

0

0

Let us briey discuss two relevant extensions of the P 2-calculus: When embedding logics or data structures in the P 2-calculus it is often useful to include -conversion as well (cf. sections 11.4 and 11.5): () x : A:(Bx) = B x 2= FV (B ) :

280


2= dom(;) (K:kd) ; `;K x: :kdK `x tp : kd

(K:) ` tp : kd

x 2= dom(;) (K:*) ; x : ` K : kd ; ` : tp (K:tp) ; `; x: tp : ` tp : kd ; ` *x : :K : kd Well formed kind (tp:Asmp) x : K 2; `; x;: `Ktp : kd

(tp:Eq) ; ` : K ;; `` K: K: kd K = K

(tp:*) ; x :;``*x: :tp:;: `tp : tp

: tp (tp:*2) ;;`x*: xtp: `tp: : tp

0

0

: tp (tp:* ) ; ` : *x : :K ; ` M : (tp:*I ) ;;x`: x`::: K: *;x `: :K E ; ` M : K M=x] Well formed type family (Asmp) x : 2;;` x; :`tp : kd

` : tp = (Eq) ; ` M : ; `; M :

: ; ` : tp (* ) ; ` M : *x : : ; ` N : (*I ) ;;x`: x`:M E :M : *x : : ; ` MN : N=x] ; x : tp ` M : (*2I ) ; ` x : tp:M : *x : tp:

x : tp: ; ` : tp (*2E ) ; ` M;: `*M : =x]

Well formed object Figure 11.2: Typing rules for the P 2-calculus

0

11.2. DEPENDENT AND SECOND ORDER TYPES

281

A)A B )B (x : C:A)B ) A B =x]

A)A B )B AB ) A B

A)A B )B x : A:B ) x : A :B

A)A B )B *x : A:B ) *x : A :B

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

A)C B)C A=B

A)A

Figure 11.3: Parallel -reduction and equality for the P 2-calculus The system with -conversion is still conuent and strongly normalizing but the proof of this fact is considerably harder than the one for -conversion. A basic problem is that conuence cannot be proved without appealing to typing. Consider: N x : :(y : :M )x x 2= FV (M ) N ! x : :M x=y] N ! y : :M : It is not possible to close the diagram unless and are convertible. This is proven by appealing to judgments of the shape ; ` = : K . The following rules can be used to formalize the '-construction on dependent types. Observe the introduction of the constructor h i and destructors fst snd which generalize the familiar operators associated to the cartesian product. (tp:') ;;`x': x :`: ::tptp ('E1 )

('I )

; ` M : ; x : ` N : ; ` hM N M=x]i : 'x : :

; ` M : 'x : : (' ) ; ` M : 'x : : : E 2 ; ` fst M : ; ` snd M : fst M=x]

Interpretation in Scott domains. We interpret the P 2-calculus in the cat-

egory of Scott domains and injection-projection pairs by appealing to the constructions introduced in section 11.1. The interpretation is given in a naive set-theoretical style, our goal being to suggest how the sum and product constructions can be used in an interpretation. In rst approximation the interpretation of a context ; such that ; ` tp : kd, is a category, say ;]], the interpretation of tp is the category Sip of Scott domains and injection-projection pairs, the interpretation of a type, ; ` : tp, is a


282

functor F = ; ` : tp] from ;]] to Sip, and the interpretation of a term, ; ` M : , is a section of the Grothendieck bration p : ' ;]]F ! ;]]. Note that the interpretations are inter-dependent, and they are dened in gure 11.4 by induction on the derivation of the judgment. We use a set-theoretical style, in a rigorous approach we should make sure that the dened objects exist in the domain-theoretical model. Another aspect which we ignore is the soundness of the equality rules. Indeed, one should verify that -reduction is adequately modelled (CGW88] carries on this verication for second order types). We start with the trivial category 1, and we use the Grothendieck category to extend the context. The interpretation of a kind judgment is a functor from the context interpretation to Cat. We dene the interpretation parametrically on y 2 ;]]. Given a variable, say x, occurring in the well formed context ; we write yx for the projection of the x-th component of the vector y 2 ;]].

Exercise 11.2.3 Extend the interpretation to handle the rules for dependent sum stated above.

11.3 Types as Retractions We present two approaches which are based on the interpretation of types as (particular) retractions over a domain. In the rst approach, we develop the properties of nitary projections (cf. chapter 7) towards the interpretation of dependent, and second order types. In the second approach, we present a purely syntactic interpretation of the P 2-calculus into the p-calculus, which is a -calculus enriched with a constant p that plays the role of a retraction of all retractions. In section 7.4, we have discussed how to represent countably based Scott domains as nitary projections over a universal domain U . In the following we briey describe the construction of the operators ' and * in this framework (see ABL86]). Suppose that U is a Scott domain such that:

U U / U via ((u u ):hu u i u:((fst u) (snd u))) : U U ! U (U ! U ) / U via (i j ) : (U ! U ) ! U 0

0

We also know that (see exercise 7.4.8): FP (U ) / (U ! U ) via (idFP (U ) ) :

We set = i j 2 FP (U ). We suppose the following correspondences: A projection p 2 FP (U ) represents the domain im (p). A function f : U ! U such that f = f p represents a cocontinuous functor from the domain im (p) to the category Sip, where f (d) = im (fd) and f (d d ) = (id f (d)). 0

11.3. TYPES AS RETRACTIONS

283

(K:) ] =1 (K:kd) ; x : K ] = ;]] ; ` K : kd] (K:tp) ; x : ] = ;]] ; ` : tp] Context interpretation (K: kd tp) ; ` tp : kd] (y ) = Sip (K:) ; ` x : :K : kd] (y ) = Gy y :F (y y )] where: Gy = ; ` : tp] (y ) and F (y y ) = ; x : ` K : kd] (y y ) 0

0

0

0

Kind interpretation (tp:Asmp) ; ` x : tp] (y ) (tp:) ; ` x : : : tp] (y )

= yx = Gy y :F (y y )] where: Gy = ; ` : tp] (y ) and F (y y ) = ; x : ` : tp] (y y ) ; ` x : tp: : tp] (y ) = Sip y :F (y y )] where: F (y y ) = ; x : tp ` : tp] (y y ) ; ` x : : : x : :K ] (y ) = y 2 Gy:(; x : ` : K ] )(y y ) where: Gy = ; ` : tp] (y ) ; ` M : K M=x]]](y ) = (; ` : x : :K ] (y ))(; ` M : ] (y )) 0

0

0

(tp: ) 2

(tp:I ) (tp:E )

0

0

0

0

0

0

0

Type family interpretation (Asmp) ; ` x : ] (y ) (I ) ; ` x : :M : x : : ] (y ) (E ) (2I ) (2E

= yx = y 2 Gy:(; x : ` M : ] )(y y ) where: Gy = ; ` : tp] (y ) ; ` MN : N=x]]](y ) = (; ` M : x : : ] (y ))(; ` N : ] (y )) ; ` x : tp:M : x : tp: ] (y ) = y 2 Sip :(; x : tp ` M : ] )(y y ) ; ` M : =x]]](y ) = (; ` M : x : tp: )]](y ))(; ` : tp] (y )) 0

0

Object interpretation

Figure 11.4: Interpretation of the P 2-calculus in Sip

0

0

284


It has already been remarked in 7.4.10 that FP (U ) and Sip (more precisely, the subcategory of countably based domains) are not equivalent categories as FP (U ) is just a poset. As a matter of fact we get a dierent model of the P 2calculus where, in particular, one can interpret the second order '-construction as a domain.

Denition 11.3.1 (' and * constructions in FP (U )) Let p 2 FP (U ), and f : U ! U be such that f = f p. We dene: 'pf = u:hp(fst u) (f (fst u))(snd u)i : U ! U *pf = u:i(x:j (fx)((ju)(px)) : U ! U : Exercise 11.3.2 Show that under the hypotheses of de nition 11.3.1, pf pf FP (U ).

2

When f : im (p) ! Sip is regarded as a functor, the sum and product constructions dened in propositions 11.1.5 and 11.1.7, respectively, apply. In particular we have: 'im (p)f = f(d e) j pd = d and (fd)e = eg *im(p)f ] = f : U ! U j p = and 8d ((fd)(d) = d)g : We can then show that 'pf and *pf are nitary projections representing the \right" domains.

Exercise 11.3.3 Show that under the hypotheses of de nition 11.3.1 the following isomorphims hold:

im (pf )

= im (p) f and im (p f )

= im (p)f ] :

Exercise 11.3.4 Compute Id. Compare the corresponding domain with the one obtained in exercise 11.1.15. Exercise 11.3.5 Consider the formal system for the P 2-calculus with the identi cation tp kd. This system has been shown to be logically inconsistent (all types are inhabited) by Girard. However, not all terms are equated. To prove this fact propose an interpretation of the calculus in the domain of nitary projection. Hint: the nitary projection represents the type of all types (see ABL86]).

We now turn to the syntactic approach. We present an extension of the untyped -calculus with a constant p whose properties are displayed in gure 11.5 (by convention, let P Q stand for x:P (Qx), with x fresh). The intention is to let p denote the retraction of all retractions. On this basis, (p1) states that elements in the image of p are retractions, (p2) entails that p is a retraction as p p = pp pp = pp = p, and (p3) states that all retractions are in the image of p.

11.3. TYPES AS RETRACTIONS

285

M =M (p1) (px) (px) = px (p2) pp = p (p3) MpM =M Figure 11.5: Additional rules for the p-calculus

hkdi htpi hxi h*x : A:B i hx : A:B i hAB i

=p =p =x = z:t:(x:hB i)(hAit)(z(hAit)) z t 2= FV (A) FV (B ) = (x:hB i) hAi = hAihB i

Suppose: hAi; Pi+1 P1

;i x1 : A1 : : : xi : Ai i = 1 : : : n: = hAiP1=x1 : : : Pn =xn ]: = hAi+1i;i xi = hA1ix1

Figure 11.6: Translation of the P 2-calculus into the p-calculus We want to show that: (i) every model of the p-calculus is also a model of the P 2-calculus, and (ii) there are models of the p-calculus. Point (ii) is a a corollary of theorem 12.4.18. In particular, we will we will see that every reexive object in the category of binite (stable) domains and stable morphisms (there are plenty of them) can be canonically extended to a model of the p-calculus. We remark that the nitary projection model presented above, although based on similar ideas, does not provide a model of the p-calculus if we interpret (as it is natural) p as the projection . The problem is that the rule (p3) requires that every retraction is in image (a similar problem would arise in models based on nitary retractions). In order to address point (i), we exhibit a syntactic translation of the P 2calculus into the p-calculus which preserves equality. By combining (i) and (ii) we can conclude that every model of the -calculus based on binite stable domains, canonically provides a (non-trivial) interpretation of the P 2-calculus. Let us give some intuition for the interpretation. A type or a kind is rep-

286


resented as a retraction, say r. An object d has type r if d = r(d). When interpreting the -abstraction x : A:B the retraction hAi is used to coerce the argument to the right type. A similar game is played in the interpretation of *x : A:B which resembles *pf in denition 11.3.1. Note that if x 2= FV (B ) then h*x : A:B i = z:hB i z hAi, which is the way to build a functional space in Karoubi envelope (cf. denition 4.6.8). Another special case is when A tp, then we obtain t:z:hB ipt=x](z(pt)). Here the type of the result \hB ipt=x]" depends on the input type \pt". The translation is dened in gure 11.6, it respects typing and reduction as stated in the following.

Proposition 11.3.6 (1) If ; ` A : B then hAi; =p hB i;hAi; . (2) If ; ` A : B and A ) B then hAi; =p hB i;. Proof. In the rst place we observe that hAB=x]i; =p hAi;hB i;=x]. Next

we prove the two statements simultaneously by induction on the length of the typing proof. We consider some signicative cases. (K:) We apply axiom (p2). (K:*) Let Q h*x : :K i;. We prove pQ =p Q by showing Q Q =p Q. To this end we expand the left hand side of the equation and apply the inductive hypotheses: phK i; x: =p hK i; x: and phi; =p hi; . (tp:Asmp) There is a shorter proof of ; ` K : kd. Then by induction hypothesis we know phK i; =p hK i;. We conclude observing that hxi; =p hK i; x. (tp:Eq) There are shorter proofs of ; ` K : kd and ; ` K : kd. By conuence we know that K and K have a common reduct. By applying the second part of the statement above we can conclude that hK i; =p hK i; . By inductive hypothesis we know hK i; hi; =p hi; . Combining with the previous equation we get the desired result. (tp:*I ) By expanding denitions as in the (K:*) case. (*E ) We observe: 0

0

0

hMN i; =p (h*x : : i;hM i; )(hN i; ) =p h N=x]i;(hM i; hN i; ) : For the second part of the statement we proceed by induction on the typing and the derivation of a -reduction. For instance consider the case (x : A:B )C ! B C=x]. If (x : A:B )C is typable in a context ; then we can extract a proof that ; ` C : A. By (1) we know hAi;hC i; =p hC i; . Hence we can compute h(x : A:B )C i; =p (x:hB i;)(hAi; hC i;). Which is convertible to hB i; hC i;=x].

2

11.4. SYSTEM LF

11.4 System LF

287

The system LF corresponds to the fragment of the P 2-calculus in which we drop second order types. Formally one has to remove the following rules: (tp:*2), (*2I ), and (*2E ). It has been shown that the system can faithfully encode a large variety of logical systems AHMP95]. We will highlight some features of this approach by studying the encoding of a Hilbert style presentation of classical rst-order logic with equality and arithmetic operators. Dependent products play a central role in this encoding. From this one may conclude that dependent products are more \expressive" than simple types. 1 On the other hand from the view point of the length of the normalization procedure dependent types do not add any complexity. As a matter of fact we show that the strong normalization of system LF can be deduced from the strong normalization of the simply typed -calculus via a simple translation. 2

Remark 11.4.1 Kinds, type families, and objects in -normal form have the following shapes where recursively the subterms are in -normal form:

Kind: *x1 : 1 : : : *xn : n:tp Type family: x1 : 1 : : : xn : n:*y1 : 1 : : : ym : m:xM1 : : :Mk Object: x1 : 1 : : : xn : n:xM1 : : : Mk :

In order to dene precise encodings of logics in LF it is useful to introduce the notion of canonical form. Roughly a term is in canonical form if it is in normal form and -expansion is performed as much as possible. Canonical forms can be regarded as a way to avoid the problematic introduction of full -conversion.

Denition 11.4.2 The arity of a type or kind is the number of *'s in the prex of its -normal form (which is to say the number of arguments). Let ; ` A : B

be a derivable judgment. The arity of a variable occurring in A or B is the arity of its type or kind.

Denition 11.4.3 Let ; ` A : B be a derivable judgment. The term A is in canonical form if it is in -normal form and all variable occurrences in A are fully applied, where we say that a variable occurrence is fully applied if it is applied to a number of arguments equal to the variable's arity.

It is known that the validity of a sentence is a decidable problem for propositional logic and an undecidable one for rst-order logic. Dependent types can be connected to predicate logic in the same way simple types were connected to propositional logic in section 4.1. 2 From a logical view point this relates to the well-known fact that the cut-elimination procedures in propositional and rst-order logic have the same complexity. 1

288

CHAPTER 11. DEPENDENT AND SECOND ORDER TYPES Individuals t ::= x j 0 j s(t) Formulas ::= t = t j : j ' j 8x: (eq1) t = t (eq3) t = tt =tt = t (pp1 ) ' ( ' ) 0

0

00

00

(eq2) tt ==tt t (eq4) t=xt] = = t =x] 0

0

0

0

(pp2 ) ( ' ( ' )) ' (( ' ) ' ( ' )) (mp) ' (pp3) (: ' :) ' ( ' ) (pc1) 8x: (pc2) 8x: t=x] Figure 11.7: First-order logic with equality In gure 11.7 we give a presentation of classical rst-order logic (FOL) with equality and arithmetic operators. In gure 11.8 we encode the language in the system LF. To this end we build a context ;FOL composed of: The declaration of two new types o corresponding to the collection of individuals and formulas, respectively. The declaration of objects ^0 s^ corresponding to the arithmetic operators and objects =^ '^ :^ 8^ corresponding to the logical operators. Next we dene a function d e that translates terms into objects of type and formulas into objects of type o. Note in particular that: Variables are identied with the variables of system LF. -abstraction is used to encode the quantier 8. These features are essential to inherit the denitions of -renaming and substitution available in the meta-theory, i.e. in LF. The correspondence between the language of FOL and its encoding in LF is quite good.

Proposition 11.4.4 There is a bijective correspondence between terms (formulas) having free variables in x1 : : : xn and terms M in canonical form such that syn ;syn FOL x1 : : : : xn : ` M : (;FOL x1 : : : : xn : ` M : o).

A second task concerns the encoding of the proof rules. The complete denition is displayed in gure 11.9. The basic judgment in FOL is that a formula

11.4. SYSTEM LF

;syn FOL

289

8> >< Constant types Constant terms >> :

dxe ds(t)e dt = t e d ' e 0

0

o : tp ^0 : =^ : ! ! o :^ : o ! o

=x = s^dte = =^ dtedt e ^ ed e = 'd 0

0

d0e

s^ : ! '^ : o ! o ! o 8^ : ( ! o) ! o = ^0

d:te = :^ dte d8x:e = 8^(x : :de)

Figure 11.8: Coding FOL language in LF holds, say ` . Correspondingly we introduce a dependent type T : o ! tp. This is the point where dependent types do play a role! We also note that the rule (tp:*E ) is used to type the proof encodings. The basic idea is to introduce a series of constants which correspond to the proof rules in such a way that objects of type T (de) relate to proofs of the formula . The property of the proof encoding can be stated as follows. 3

Proposition 11.4.5 There is a bijective correspondence between proofs of a formula from the assumptions 1 : : :m and with free variables x1 : : : xn, and terms M in canonical form such that: rl ;syn FOL ;FOL x1 : : : : xn : y1 : T (d1e) : : : ym : T (dme) ` M : T (de) :

For instance, to the proof x:x(=x=x x) we associate the term pc1 (x : :=^ xx)(eq1). Next we turn to the strong normalization problem for the system LF. This is proven via a translation in the simply typed -calculus which is specied in gure 11.10. The function t applies to kinds and type families whereas the function j j applies to type families and objects. The function t forgets the type dependency by replacing every variable by the ground type o and ignoring the argument of a type family. The function j j reects all possible reductions of the LF term. In order to translate terms of the shape *x : A:B we suppose that the simply typed -calculus is enriched with a family of constants having type o ! (t(A) ! o) ! o. In the rst place, we observe some syntactic properties of these translations. 8

Lemma 11.4.6 If M is an object then: (1) t(AM=x]) t(A), and (2) jAM=x]j jAjjM j=x]. 3

Detailed proofs for propositions 11.4.4 and 11.4.5 can be found in HHP93].


290

Judgment

Rules

;rlFOL

T : o ! tp 8 eq : *x : i:T (=^ xx) >> 1 >> eq2 : *x y : i:(T (=^ xy) ! T (=^ yx)) >> eq3 : *x y z : i:(T (=^ xy) ! T (=^ yz) ! T (=^ xz)) >> eq4 : *f : ! o:*x y : i:(T (=^ xy) ! T (=( ^ fx)(fy))) >< pp1 : *f g : o:T (f '^ g'^ h) >> pp2 : *f g h : o:T ((f '^ (g'^ h))'^ ((f '^ g)'^ (f ' h))) >> pp3 : *f g : o:T ((^:f '^ :^ g)'^ (g'^ f )) >> mp : *f g : o:T (f '^ g) ! T (f ) ! T (g) >> pc : *F : ! o:(*x : :T (Fx)) ! T (8^F ) >: 1 pc2 : *F : ! o:*x : :T (8^F ) ! T (Fx)

Figure 11.9: Coding FOL proof rules in LF

t(tp) t(x) t(*x : A:B ) t(x : A:B ) t(AB )

=o =o = t(A) ! t(B ) = t(B ) = t(A)

jxj jAB j j*x : A:B j jx : A:B j

=x = jAjjB j = jAj(x : t(A):jB j) = (y : o:x : t(A):jB j)jAj (y fresh)

Figure 11.10: Translation of LF in the simply typed -calculus

11.5. SYSTEM F

291

Proof hint. By induction on the structure of A. 2 Lemma 11.4.7 If ; ` A : B and A ) A , where A is a kind or a type family, then t(A) t(A ). Proof. By induction on the proof of the reduction. In the basic case (x : A:B )C ! B C=x] we use the fact that, by the typability hypothesis, C is an 0

0

2

object.

The translations t and j j preserve typing.

Proposition 11.4.8 If ; ` A : B and B 6= kd then t(;) ` jAj : t(B ), where t(x1 : A1 : : : xn : An) x1 : t(A1) : : : xn : t(An). Proof hint. By induction on the length of the proof. 2 Finally we can show that the translation reects reductions, which, by the strong normalization of the simply typed -calculus, implies immediately the strong normalization of system LF.

Theorem 11.4.9 If ; ` A : B , B 6= kd, A +) A , and in the reduction A ) A we nd at least one -reduction, then jAj ! jA j. Proof. By induction on the derivation of A ) A . For instance, suppose we derive (x : A:B )C ) A C =x] from B ) B and C ) C . Then: j(x : A:B )C j = ((y : o:x : t(A):jB j)jAj)jC j ! (x : t(A):jB j)jC j !+ (x : t(A):jB j)jC j by induction hypothesis ! jB jjC j=x] = jB C =x]j by lemma 11.4.6 : 0

0

0

0

0

0

0

0

0

0

0

0

0

0

2

Remark 11.4.10 By combining the results on conuence and strong normalization it is possible to prove that it is decidable if a judgment is derivable in the system LF.

11.5 System F System F is the fragment of the P 2-calculus where dependent types and type families are removed. Formally we eliminate the rules: (K:*), (tp:*I ), and (tp:*E ). With these restrictions, types cannot depend on objects and the equality rules (tp:Eq) and (Eq) can be dispensed with, as type equality becomes conversion. Note that in the type *x : : , the type never depends on x and therefore we can simply write ! . Finally we remark that the rules for the


292

(Asmp) x; :`x2: ; ;`M :! ;`N : ; x : ` M : (!I ) ; ` x : :M : ! (!E ) ; ` MN : ; ` M : t 2= FVt(;) (8 ) ; ` M : 8t: (8I ) E ; ` t:M : 8t: ; ` M : =t] Figure 11.11: Typing rules for system F kind (and context) formation are redundant. Namely we can represent a context as a list x1 : 1 : : : xn : n (as in the simply typed -calculus), where the types i may depend on type variables. According to these remarks we give a more compact presentation of system F. Since we have eliminated the kinds, we need some notation to distinguish between type variables (i.e. variables of type tp) and term variables (i.e. variables of type , where has kind tp): we denote the former with t s : : : and the latter with x y : : : Terms and types are dened as follows: Types tv ::= t j s j : : : ::= tv j ! j 8tv: Terms v ::= x j y j : : : M ::= v j v : :M j MM j tv:M j M : Note that the type of all types is never explicitly mentioned. 8t: : : : is an abbreviation for *t : tp: : : : and t: : : : is an abbreviation for t : tp: : : : A context ; is a list x1 : 1 : : : xn : n, so the type variables declarations are left implicit. We denote with FVt(;) the collection of type variables that occur free in types occurring in ;. Derivable typing judgments are specied in gure 11.11. Mutatis mutandis, the system is equivalent to the one presented in section 11.2.

Exercise 11.5.1 Show that in system F -reduction is locally conuent on well-typed terms.

The system F was introduced by Girard Gir72] as a tool for the study of the cut-elimination procedure in second order arithmetic (PA2), more precisely the normalization of system F implies the termination of the cut-elimination procedure in PA2. By relying on this strong connection between system F and PA2 it was proven that all functions that can be shown to be total in PA2 are representable in system F. This is a huge collection of total recursive functions that

11.5. SYSTEM F

293

goes well beyond the primitive recursive functions. System F was later rediscovered by Reynolds Rey74] as a concise calculus of type parametric functions. In this section we illustrate the rich type structure of system F by presenting a systematic method to code nite free algebras and iterative functions dened on them. In the following an algebra S is a sort S equipped with a t-uple of constructors:

fini : S| {z S} ! S for i = 1 : : : k k 0 ni 0 : ni times

We inductively dene a collection of total computable functions over the ground terms of the algebra as follows.

Denition 11.5.2 The collection of iterative functions f : S n ! S over an algebra S is the smallest set such that: The basic functions fini , constant functions, and projection functions are iter-

ative functions. The set is closed under composition. If f1 : S m ! S : : : fn : S m ! S , and g : S n ! S are iterative then ~x:g(f1(~x) : : : fn (~x)) is iterative. The set is closed under iteration. If hi : S ni+m ! S are iterative functions for i = 1 : : : k then the function f : S m+1 ! S dened by the following equations is iterative.

f (~x fi(~y)) = hi (~x f (~x y1) : : : f (~x yni )) i = 1 : : : k : Iterative denitions, generalize to arbitrary algebras primitive recursive denitions (cf. appendix A). The basic idea is to dene a function by induction on the structure of a closed term, hence we have an equation for every function of the algebra.

Exercise 11.5.3 Consider the algebra of natural numbers (! s1 00). Show that the

iterative functions coincide with the primitive recursive ones. Hint: the de nitions by primitive recursion are apparently more general but they can be simulated using pairing and projections.

Denition 11.5.4 (coding) In gure 11.12 we associate to an algebra S a type of system F, and to a ground term a of the algebra a closed term a of type .

Example 11.5.5 If we apply the coding method to the algebra of natural numbers dened in exercise 11.5.3 we obtain the type 8t:(t ! t) ! (t ! t). The term s( (s0) ) can be represented by the term t:f : t ! t:x : t:f ( (fx) ), which is a polymorphic version of Church numerals.


294

Given: S fini : S| {z S} ! S i = 1 : : : k ni times

Let: 8t:1 ! ! k ! t where: i t| ! {z ! t} ! t ni times

fin (a1 : : : an) = t:x1 : 1 : : :xk : k :xi(a1t~x) (ant~x) Figure 11.12: Coding algebras in system F

Exercise 11.5.6 Explicit the coding of the following algebras: the algebra with no oper-

ation, the algebra with two 0-ary operations, the algebra of binary trees (T nil0 couple2).

Proposition 11.5.7 There is a bijective correspondence between the ground terms of the algebra S and the closed terms of type modulo -conversion. Proof. Let M be a closed term in -normal form of type . Then M has to have the shape:

M t:x1 : 1 : : : xi : i :M i k : If i < k and M is not a -abstraction then M has the shape ( (xj M1) Mh ) and so we can -expand M without introducing a -redex. By iterated expansions we arrive at a term in normal form of the shape 0

0

0

0

t:x1 : 1 : : : xk : k :M : 00

where M has type t, it is in normal form, and may include free variables x1 : : : xk . We claim that M cannot contain a -abstraction: A -abstraction on the left of an application would contradict the hypothesis that M is in normal form. A -abstraction on the right of an application is incompatible with the \rstorder" types of the variables i . We have shown that a closed term of type is determined up to conversion by a term M which is a well-typed combination of the variables xi, for i = 1 : : : k. Since each variable corresponds to a constructor of the algebra we can conclude that there is a unique ground term of the algebra which corresponds to M . 2 Having xed the representation of ground terms let us turn to the representation of functions. 00

00

00

00

11.5. SYSTEM F

295

Denition 11.5.8 A function f : S n ! S is representable (with respect to the coding dened in gure 11.12) if there is a closed term M : n ! , such that for any ground term ~a, M~a = f (~a).

Proposition 11.5.9 The iterative functions over an algebra S are representable. Proof. We proceed by induction on the denition of iterative function. The only non-trivial case is iteration. Let hi : S ni+m ! S be iterative functions for i = 1 : : : k, and the function f : S m+1 ! S be dened by: f (~x fi(~y)) = hi(~x f (~x y1) : : : f (~x yni )) i = 1 : : : k (11.7) where ~x x1 : : : xm. We represent f with the function: f x1 : : : : :xm : :x : :x(h1~x) (hk ~x) where we know inductively that hi represents hi . Note that iteration is already built into the representation of the data. We prove by induction on the structure of a ground term a that for any vector of ground terms ~b, f~ba = f (~b a). If a fi0 then f~bfi0 ! fi0 (h1~b) (hk~b) ! hi~b = hi(~b), the last step holds by induction hypothesis on hi. If a fin (a1 : : : an) then f (~b fi(a1 : : : an)) = hi(~b f (~b a1) : : : f (~b an)), by equation 11.7. Then by induction hypothesis on hi: f (~b fi(a1 : : : an)) = hi (~b f (~b a1) : : : f (~b an)) = hi~bf (~b a1) : : :f (~b an) : On the other hand we compute: f~bfin (a1 : : : an) ! fin (a1 : : : an)(h1~b) (hk~b) ! (hi~b)(a1(h1~b) (hk~b)) (an(h1~b) (hk~b)) : and we observe that by induction hypothesis on a: f (~b ai) = f~bai = ai(h1~b) (hk~b)) : 2 Exercise 11.5.10 Consider the case of algebras which are de ned parametrically with

respect to a collection of data. For instance List(D) is the algebra of lists whose elements belong to the set D. This algebra is equipped with the constructors nil : List(D) and cons : D List(D) ! D. De ne iterative functions over List(D) and show that these functions can be represented in system F for a suitable embedding of the ground terms in system F. Hint: The sort List(D) is coded by the type 8t:t ! (t ! r ! t) ! t, where r is a type variable, and generic elements in List(D) are represented by (free) variables of type r.

296


In system F it is also possible to give weak representations of common type constructors. We explain the weakness of the representation in the following example concerning products.

Example 11.5.11 For types of system F dene: 8t:( ! ! t) ! t : Pairing and projections terms can be dened as follows:

hM N i = t:f : ! ! t:fMN 1 M 2 M

= M(x : :y : :x) = M (x : :y : :y) :

Note that ihM1 M2i = Mi but pairing is not surjective, i.e. h1M 2 M i 6= M.

Exercise 11.5.12 Study the properties of the following codings of sum and existential: + = 8t:( ! t) ! ( ! t) ! t 9t: = 8s:(8t: ! s) ! s :

We conclude by proving the core of Girard's celebrated result: all terms typable in system F strongly normalize. The proof is based on the notion of reducibility candidate already considered in denition 3.5.13 and in the adequacy proof of section 8.2. In order to make notation lighter we will work with untyped terms obtained from the erasure of well-typed terms.

Denition 11.5.13 The erasure function er takes a typed term and returns an

untyped -term. It is dened by induction on the structure of the term as follows:

er(x) = x er(x : :M ) = x:er(M ) er(MN ) = er(M )er(N ) er(t:M ) = er(M ) er(M ) = er(M ) : In system F we distinguish two avours of -reduction: the one involving a redex (x : :M )N which we call simply and the one involving a redex (t:M ) which we call t. Erasing type information may eliminate some reductions of the shape (t:M ) ! M =t], however this does not aect the strong normalization property as shown in the following.

Proposition 11.5.14 Let M be a well-typed term in system F. Then: (1) If M ! N then er(M ) ! er(N ). (2) If M !t N then er(M ) er(N ). (3) If M diverges then er(M ) diverges.

11.5. SYSTEM F

297

Proof. We leave (1-2) to the reader. For (3), we observe that sequences of t-reductions always terminate. Hence we can extract an innite reduction of er(M ) from an innite reduction of M . 2

Denition 11.5.15 (reducibility candidate) Let SN be the collection of untyped -strongly normalizable terms. A set X SN is a reducibility candidate if: (1) Qi 2 SN , i = 1 : : : n, n 0 implies xQ1 : : : Qn 2 X . (2) P Q=x]Q1 : : : Qn 2 X and Q 2 SN implies (x:P )QQ1 : : : Qn 2 X . We denote with RC the collection of reducibility candidates and we abbreviate Q1 : : : Qn with Q~ .

Proposition 11.5.16 (1) The set SN is a reducibility candidate. (2) If X 2 RC then X 6= .

(3) The collection RC is closed under arbitrary intersections. (4) If X Y 2 RC then the following set is a reducibility candidate:

X ) Y = fM j 8N 2 X (MN 2 Y )g :

Proof. (1) We observe that P Q=x]Q~ 2 SN and Q 2 SN implies (x:P )QQ~ 2 SN . Proceed by induction on ln(P )+ ln(Q)+ ln(Q1)+ + ln(Qn ), where ln(P )

is the length of the longest reduction. (2) By denition x 2 X . (3) Immediate. (4) Here we see the use of the vector Q~ . For instance let us consider the second condition. To show (x:P )QQ~ 2 X ) Y observe 8Q 2 X (P Q=x]Q~ Q 2 Y ) since by hypothesis P Q=x]Q~ 2 X ) Y . 2 0

0

Denition 11.5.17 Given a type environment : Tvar ! RC we interpret types as follows:

t] = (t) ! ] = T] ) ] 8t:] = X RC ] X=t] : 2

Theorem 11.5.18 (strong normalization of system F) Given an arbitrary type environment , and a derivable judgment x1 : 1 : : : xn : n ` M : , if Pi 2 i] , for i = 1 : : : n then er(M )P1=x1 : : : Pn =xn] 2 ] . Proof. We abbreviate P1=x1 : : : Pn=xn ] with P~ =~x]. We proceed by induction on the length of the typing proof. The case (Asmp) follows by denition.

298


(!I ) We have to show x:er(M )P~ =~x] 2 ! ] . By inductive hypothesis we know er(M )P~ =~x]P=x] 2 ] , for all P 2 ] . We conclude using property (2) of reducibility candidates. (!E ) By the denition of ). (8I ) We have to show er(M )P~ =~x] 2 TX RC ] X=t]. By the side condition on the typing rule we know i] = i] X=t], for an arbitrary X 2 RC . By inductive hypothesis er(M )P~ =~x] 2 ] X=t], for an arbitrary X 2 RC . (8E) We haveTto show er(M )P~ =~x] 2 ] ] =t]. By inductive hypothesis er(M )P~ =~x] 2 X RC ] X=t]. Pick up X = ] . 2 2

2

The formal statement of theorem 11.5.18 can be regarded as a syntactic version of the fundamental lemma of (unary) logical relations (cf. 4.5.3). The following exercises present two variations over this result.

Exercise 11.5.19 We say that a set X of untyped -terms is saturated (or closed by

head expansion) if P Q=x]Q1 : : : Qn 2 X implies ( x:P )QQ1 : : : Qn 2 X . Following de nition 11.5.17 associate a saturated set to every type and prove the analogous of theorem 11.5.18.

Exercise 11.5.20 We say that a term is neutral if it does not start with a -abstraction. The collection RC (cf. GLT89]) is given by the sets X of strongly normalizing terms satisfying the following conditions: (1) M 2 X and M ! M implies M 2 X . (2) M neutral and 8M (M ! M ) M 2 X ) implies M 2 X . Carry on the strong normalization proof using the collection RC . 0

0

0

0

0

0

0

Exercise 11.5.21 Extend the strong normalization results for system F to -reduction, where the rule for type abstraction is: t:Mt ! M t 2= FV (M ).

Remark 11.5.22 Note that -expansion in system F does not normalize, as: x : 8t:t:x ! x : 8t:t:t:xt ! Remark 11.5.23 It is possible to reduce the strong normalization of the P 2calculus to the strong normalization of system F by a translation technique that generalizes the one employed in section 11.4 for the system LF GN91].

Chapter 12 Stability The theory of stable functions is originally due to Berry Ber78]. It has been rediscovered by Girard Gir86] as a semantic counterpart of his theory of dilators. Similar ideas were also developed independently and with purely mathematical motivations by Diers (see Tay90a] for references). Berry discovered stability in his study of sequential computation (cf. theorem 2.4) and of the full abstraction problem for Pcf (cf. section 6.4). His intuitions are drawn from an operational perspective, where one is concerned, not only with the input-output behaviour of procedures, but also with questions such as: \which amount of the input is actually explored by the procedure before it produces an output". In Girard's work, stable functions arose in a construction of a model of system F (see chapter 11)& soon after, his work on stability paved the way to linear logic, which is the subject of chapter 13. In section 12.1 we introduce the conditionally multiplicative functions, which are the continuous functions preserving binary compatible glb's. In section 12.2 we introduce the stable functions and the stable ordering, focusing on minimal points and traces. Stability and conditional multiplicativity are dierent in general, but are equivalent under a well-foundedness assumption. They both lead to cartesian closed categories. In section 12.5 we build another cartesian closed category of stable functions, based on a characterisation of stable functions by the preservation of connected glb's. This category involves certain L-domains satisfying a strong distributivity axiom, which are investigated in section 12.6. In the rest of the chapter, we impose algebraicity, as in chapter 5. In Section 12.3 we introduce event domains and their representations by event structures, and we show that they form a cartesian closed category. Berry's dI-domains are examples of event domains, and Girard's coherence spaces (which give rise to a model of linear logic) are examples of dI-domains. In section 12.4 we discuss the stable version of biniteness. Within this framework a remarkably simple theory of retractions can be developed. Figure 12.4 summarises the cartesian closed categories described in this chapter. The present chapter is based on Ber78] (sections 12.1, 12.2, 12.3), Win80] 299

CHAPTER 12. STABILITY

300

(section 12.3), Tay90a] (sections 12.5 and 12.6), and Ama91a] (section 12.4).

12.1 Conditionally Multiplicative Functions In this section we focus on functions preserving the compatible binary glb's. We therefore work with cpo's which have such glb's. Moreover, this partial glb operation is required to be continuous. This condition ensures that function spaces ordered by the stable ordering are cpo's.

Denition 12.1.1 (meet cpo) A cpo (D ) is called a meet cpo if 1 : 8 x y (x " y ) x ^ y exists ) W 2 : 8 x 8 $ dir D (x " ( $) ) x ^ (W $) = Wfx ^ j 2 $g): . The condition (2) of denition 12.1.1, which expresses the continuity property of binary glb's, can be relaxed. Morevover, it comes for free in an algebraic cpo.

W $) exists, then the dis1. In a meet cpo, as soon as x ^ ( tributivity equality x ^ (W $) = Wfx ^ j 2 X g holds.

Lemma 12.1.2

2. An algebraic cpo is a meet cpo i condition (1) of denition 12.1.1 holds.

Proof. (1) We apply condition (2) with x ^ (W $) in place of x: _ _ _ _ _ (x ^ ( $)) ^ ( $) = f(x ^ ( $)) ^ j 2 X g = fx ^ j 2 X g:

(2) To check x ^ (W $) WfWx ^ j 2 X g, it is enough to check that every W compact e such that e x ^ ( $) is also such that e fWx ^ j 2 X g, which is clear since, by the denition of compact elements, e $ implies e for some 2 $. 2 In particular, in bounded complete cpo's the glb function is dened everywhere and is continuous. Some (counter-)examples are given in gure 12.1.

Denition 12.1.3 (conditionally multiplicative) Let D and D be meet cpo's. A function f : D ! D is called conditionally multiplicative, or cm for short if 8 x y 2 D x " y ) f (x ^ y) = f (x) ^ f (y): We write D !cm D for the set of cm functions from D to D . 0

0

0

0

The fonction por considered in section 6.4 is an example of a continuous functions which is not cm: por (? tt) ^ por (tt ?) = tt 6= ? = por (? ?):

12.1. CONDITIONALLY MULTIPLICATIVE FUNCTIONS

301

(A) f? a b c dg, ordered as follows: ? minimum a c d b c d is a meet cpo which is not bounded complete. (B) f? a b c d eg , ordered as follows:

? minimum a c d b c d c d e is not a meet cpo (condition (1) of de nition 12.1.1 is violated). (C) ! fa bg, described in example 1.1.6 to give an example of a non-algebraic cpo, also fails to be a meet cpo (condition (2) of de nition 12.1.1 is violated). Figure 12.1: Meet cpo structure: example, and counter-examples The following function from T3 to O due to Berry (and independently to Kleene, see section 14.1) is a stable function: 8 > if x = tt and y = >>< if x = and z = tt gustave (x y z ) = > > > if y = tt and z = >: ? otherwise : The simplest way to verify that this function is stable is by checking that its minimal points, i.e., the mimimal elements (x y z) of T3 such that gustave (x y z) = > (see de nition 12.2.1), are pairwise incompatible. Indeed, if (x1 y1 z1) " (x2 y2 z2), gustave (x1 y1 z1) = > and gustave (x2 y2 z2) = >, then (x1 y1 z1) and (x2 y2 z2) dominate the same minimal point (x y z) by the incompatibility of distinct minimal points, hence (x y z) (x1 y1 z1) ^ (x2 y2 z2), and gustave ((x1 y1 z1) ^ (x2 y2 z2)) = > = gustave (x1 y1 z1) ^ gustave (x2 y2 z2): The main diculty in getting a cartesian closed category of cm functions resides in making the evaluation morphism ev stable. The pointwise ordering ext on functions does not work. Consider the identity function id , and the constant function > = x:>, both in O !cm O. Then id ext >, so that if ev were to be stable, we should have that ev (id ?) and ev (id >) ^ ev (> ?) are equal. But in fact ev (id >) ^ ev (> ?) = > ^ > 6= ? = ev (id ?):


302

To overcome the diculty, Berry de ned the stable ordering st . Actually, the goal of making ev cm forces the de nition of st given next. Indeed, suppose f st g and y x. Then we must have

f (y) = ev (f ^ g x ^ y) = ev (f x) ^ ev (g y) = f (x) ^ g(y):

Denition 12.1.4 (stable ordering (cm)) Let D and D be two meet cpo's, and f f : D !cm D . We dene f st f by 8 x x (x x ) f (x) = f (x ) ^ f (x)): In particular, if f st g, then f ext g (take x = x ). (From now on, to avoid 0

0

0

0

0

0

0

0

0

ambiguities, we use ext for the pointwise ordering, cf. denition 1.4.4.)

Lemma 12.1.5 The relation st of denition 12.1.4 is a partial order. Proof. Reexivity is obvious. For the transitivity, assume f st f , f st f , and x x : f (x) = f (x ) ^ f (x) = f (x ) ^ f (x ) ^ f (x) = f (x ) ^ f (x): Antisymmetry follows from the antisymmetry of ext . 2 0

0

00

0

0

0

0

0

0

00

0

00

Exercise 12.1.6 Suppose that D D are meet cpo's and let f f : D !cm D . (1) 0

Show that f st f i

0

0

0

f ext f and 8 x x (x " x 0

0

) f (x) ^ f (x ) = f (x ) ^ f (x)): (x " x ) f (x) ^ f (x ) = f (x ) ^ f (x)). 0

0

0

0

0

(2) Show that if f "st f , then 8 x x (3) Conversely, assuming that D is a distributive meet cpo (see de nition 12.1.12), show that if 0

0

0

0

0

0

0

0

f "ext f (for 0

ext ) and 8 x x (x " x ) f (x) ^ f (x ) = f (x ) ^ f (x)) 0

0

0

0

0

0

then f "st f . Hint for (3): one uses exactly the information in the assumption to show that the pointwise lub of f f is their lub in the stable ordering, see the proof of theorem 12.1.13. 0

0

Exercise 12.1.7 Show that if f ext g st h and f st h, then f st g. Exercise 12.1.8 Let f g : D ! E , with f continuous, g cm, and f st g. Show that f is cm.

Theorem 12.1.9 (cm - CCC) The category of meet cpo's and conditionally multiplicative functions is a cpo-enriched CCC.

12.1. CONDITIONALLY MULTIPLICATIVE FUNCTIONS

303

Proof. The veri cation that the composition of two cm functions is cm is

immediate. As for the cpo-enriched CCC structure, we content ourselves with the veri cations that D !cm D , ordered by the stable ordering, is a meet cpo, and that the evaluation morphism ev is cm 1. Directed lub's and binary compatible glb's are de ned pointwise (and therefore the continuity Wproperty of ^ comes for free). Let H dir D !cm D , and de ne h by h(x) = ff (x) j f 2 H g.

h is cm: _ _ _ h(x) ^ h(y) = ( f (x)) ^ ( f (y)) = ff (x) ^ g(y) j f g 2 H g: 0

0

f H 2

f H 2

We conclude by observing that f (x) ^ g(y) k(x) ^ k(y) = k(x ^ y) if k is an upper bound of f g in H .

h is an upper bound of H . Let f0 2 H and x y: _ _ f0(y)^h(x) = ff0(y)^f (x) j f 2 H g = ff0(x)^f (y) j f 2 H g = f0(x)^h(y): A similar argument shows that it is the least upper bound in the stable ordering. If f "st g, we de ne f ^ g by (f ^ g)(x) = f (x) ^ g(x). We check f ^ g st f . Let x y: (f ^ g)(y) ^ f (x) = g(y) ^ f (x) = g(x) ^ f (y) = g(y) ^ f (x) ^ g(x) ^ f (y) = f (x) ^ g(x) (cf. exercise 12.1.6). Suppose k st f g. We show k st f ^ g. Let x y: (f ^ g)(x) ^ k(y) = f (x) ^ k(x) = k(x): The stability of ev follows from the de nition of the stable ordering: ev (f x) ^ ev (g y ) = f (x) ^ g (y ) = f (y) ^ g(x) = f (x) ^ f (y) ^ g(x) ^ g(y) = ev (f ^ g x ^ y) :

2

Exercise 12.1.10 Show that the following combination of order-theoretic compatible binary glb's (where (h z ) is an upper bound of (f x) (g y )), borrowed from Tay90a], oers an attractive picture of the proof that ev is cm: (f ^ g )(x ^ y ) ! (f ^ g )(x) ! f (x) # (f ^ g stable) # (f ^ g st f ) # (f ^ g )(y ) ! (f ^ g )(z ) ! f (z) # (f ^ g st g ) # (de nition) # g(y) ! g (z) ! h(z)

In all the CCC's presented in this chapter, the pairing and currying are the set-theoretical ones (cf. exercises 4.2.11 and 4.2.12). We have written one of the proofs (theorem 12.2.8) in full detail. 1


304

(A) f? a b c dg, ordered as follows: ? minimum a b c d (B) f? a b c dg, ordered as follows: ? minimum a d b c d Figure 12.2: Examples of non-distributive nite lattices

Exercise 12.1.11 Show that the composition operation on meet cpo's is cm. If we assume bounded completeness of the domains, we are led to introduce distributivity to maintain cartesian closure.

Denition 12.1.12 (distributive cpo) A cpo is called distributive if it is bounded complete (cf. denition 1.4.9) and satises

8 x y z fx y zg compatible ) x ^ (y _ z) = (x ^ y) _ (x ^ z): Some counterexamples are given in gure 12.2.

Theorem 12.1.13 The category of distributive meet cpo's and cm functions is a cpo-enriched CCC.

Proof. Let f "st g. We show that f _ g de ned pointwise is also the stable lub of f g. Let h(x) = f (x) _ g(x).

h is stable: On one end we have h(x ^ y) = (f (x) ^ f (y)) _ (g(x) ^ g(y)) and on the other end we have

h(x) ^ (f _ g)(y) = (f (x) _ g(x)) ^ (f (y) _ g(y)): By distributivity we have (f (x) _ g(x)) ^ (f (y) _ g(y)) = (f (x) ^ f (y)) _ (g(x) ^ g(y)) _ (f (x) ^ g(y)) _ (g(x) ^ f (y)) :

12.2. STABLE FUNCTIONS

305

The conclusion follows from the observation that f "st g impliesf (x) ^ g(y) = g(x) ^ f (y), hence f (x) ^ g(y) g(x) ^ f (y) f (x) ^ f (y).

h is a stable upper bound: Let x y. We have

h(x) ^ f (y) = (f (x) ^ f (y)) _ (g(x) ^ f (y)) = f (x) _ (f (x) ^ g(y)) = f (x):

h is the stable lub: Let f g st k and x y. We have: k(x) ^ h(y) = (k(x) ^ f (y)) _ (k(x) ^ g(y)) = (k(y) ^ f (x)) _ (k(y) ^ g(x)) = k(y) ^ h(x) = h(x) : 2

12.2 Stable Functions Stable functions can be de ned on arbitrary cpo's. Their de nition brings us closer to an operational intuition.

Denition 12.2.1 (stable) Let D and D be cpo's. A function f : D ! D is called stable if it is continuous and if, for any x 2 D, x 2 D such that x f (x): 9 x0 x (x f (x0) and (8 y x (x f (y) ) x0 y))): 0

0

0

0

0

0

0

This uniquely determined x0 is written m(f x x ), and is called a minimal point of f (relative to x ). We write D !st D for the set of stable functions from D to D . The following set is called the trace of f : 0

0

0

0

trace (f ) = f(x x ) 2 D D j x f (x) and x = m(f x x )g: 0

0

0

0

The function m(f ) is called the multi-adjoint of f (the situation x f (y ) versus m(f x x ) y is reminiscent of an adjunction). 0

0

In computational terms, m(f x x ) represents the amount of x which is \read" by f in order to \write" (at least) x . Stable functions can also be described by glb preservation properties, as we now explain. 0

0

Proposition 12.2.2 1. Let DVand D be cpo's, and let f : D !st D . Then for any bounded X D such that X exists, f (V X ) = V f (X ). 0

0

2. Conversely, if D and D have all non-empty bounded glb's, then a continuous function preserving all such glb's is stable. 0


306

Proof. (1) f (V X ) is a lower bound of f (X ) by monotonicity. Suppose that z f (X ). Let y X . Then z f (y). Let z0 = m(f y z ). Pick x 2 VX . Then z0 x by the minimality of z0, sinceVz f (x) and x y. Hence z0 X , and V z f (z0) ) z f ( X ). Hence f ( X ) is the glb of f (X ). (2) Let y f (x). Consider z0 = fz j z x and y f (z)g. We claim that z0 is m(f x y). This amounts to y f (z0), which holds since ^ f (z0) = ff (z) j z x and y f (z)g: 0

0

0

0

0

0

2 In section 12.5, we shall see that stable functions preserve even more glb's (the connected ones, provided they exist). Meanwhile, going from \more" to \less", by proposition 12.2.2, stable functions on meet cpo's are conditonally multiplicative. Berry has provided the following example of a cm, non stable function. Let

D = ! f?g with ? n 1 0: Let f : D ! O be de ned by: f (?) = ?, f (n) = >. Then f is cm, but m(f 0 >) does not exist. If we prevent the existence of in nite descending chains, then cm and stable are equivalent notions.

Proposition 12.2.3 If D and D are algebraic meet cpo's, and if K(D) is wellfounded, then f : D ! D is stable i it is cm. Proof. Let f be cm. Consider x f (x). By continuity, x f (d) for some compact d x. If d is not minimum with that property, then for some compact d1 x we have x f (d1) and d 6 d1. Hence x f (d) ^ f (d1 ) = f (d ^ d1). In this way we construct a strictly decreasing chain d > d ^ d1 > that must 0

0

0

0

0

0

2

eventually end with e satisfying the de nition of m(f x x ). 0

The stable ordering between stable functions can be de ned in terms of minimal points. Denition 12.2.4 (stable ordering (stable)) Let D, D be cpo's, and f f : D !st D . We write f st f i 0

0

0

0

f ext f and 8 x x (x f (x) ) m(f x x ) = m(f x x )): 0

0

0

0

0

0

Equivalently, st can be dened by the inclusion of traces:

f st f

0

i

trace (f ) trace (f ): 0

It is immediate that st is a partial order, called the stable ordering. We write f "st g to mean that f g are compatible with respect to st .


307

Exercise 12.2.5 Show that the stable ordering can be equivalently de ned as follows: f st f i (f ext f and 8 x x (x 0

0

0

0

f (x) ) 8 y x (x f (y) ) x f (y)))): 0

0

0

The next lemma shows that the stable ordering just de ned coincides with the stable ordering on the underlying cm functions.

Lemma 12.2.6 Let D and D be two cpo's, and f f : D !st D . The following 0

0

0

equivalence holds:

f st f , 8 x x (x x ) f (x) = f (x ) ^ f (x)) (in particular, the glb's f (x ) ^ f (x) exist). Proof. ()) f (x) is a lower bound of ff (x ) f (x)g. If z f (x ) and z f (x), then m(f x z ) x, since z f (x) and by de nition of m(f x z ). Hence z f (x) since y = m(f x z ). (() In particular, taking x = x , we get f ext f , hence m(f z z ) m(f z z ), for z f (z). From the implication, we get that for any z1 z, z f (z1) implies z f (z1), which shows m(f z z ) m(f z z ). 2 Lemma 12.2.7 Let D D be cpo's and let f : D !st D . The following proper0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

ties hold: 1. If dir D , and if W f (x), then 0

0

0

_ _ m(f x ) = fm(f x ) j 2 g: 0

0

0

0

2. If D and D are bounded complete, and if x1 f (x) and x2 f (x), then 0

0

0

m(f x x1 _ x2) = m(f x x1) _ m(f x x2) 0

0

0

0

(provided these lub's exist). 3. If D and D are algebraic, then f : D ! D is stable i for any compact x 2 K(D), x 2 K(D ), such that x f (x), m(f x x ) exists. Proof. We only prove (3). Let x 2 D, x 2 D , not necessarily compact. We have: m(f x x ) = Wfm(f x d ) j d compact and d x g by (1) m(f x d ) = m(f d d ) for some d by continuity: 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

2

Theorem 12.2.8 (stable - CCC) The category of distributive meet cpo's2 and stable functions is a cpo-enriched CCC (cf. denition 6.1.1).

Bounded completeness comes in to get products. Distributivity comes in to show that binary compatible lub's are stable. 2


308

Proof. First of all, we need to check that the composition of two stable functions is stable. Let f : D !st D and f : D !st D , and let x f (f (x)). Then we 0

claim:

0

0

00

00

0

m(f f x x ) = m(f x m(f f (x) x )): Indeed, for y x, we have: m(f f (x) x ) f (y) i x f (f (y)). We leave the reader check that the set-theoretic product, with the componentwise ordering and the usual projections and pairing, is a categorical product. Notice that for f : D !st D , g : D !st D : 0

00

0

0

0

00

00

00

0

00

m(hf gi x (x x )) = m(f x x ) _ m(g x x ): 0

00

0

00

We check in detail that D !st D is a categorical exponent. We rst show that D !st D is a cpo. Let H dir WD !st D . Then a fortiori H is directed for ext . Consider h de ned by Wh(x) = ff (x) j f 2 H g. We check that h is stable by showing m(h x x ) = f H m(f x x ^ f (x)), for all x x such that x h(x). Let y x. We have, using the continuity of glb's: 0

0

0

0

0

0

0

2

_

m(h x x ) y , x h(y) , 0

0

f H

(x ^ f (y)) = x : 0

0

2

On the other hand we have

_

m(f x x ^ f (x)) y , 8 f 2 H x ^ f (x) f (y) 0

f H

0

2

which can be rephrased as: 8 f 2 H x ^ f (x) = x ^ f (y). Thus we are left to show: _ 8 f 2 H (x ^ f (x) = x ^ f (y) , (x ^ f (y)) = x ): 0

0

0

0

0

0

f H

( )) W

W f H (x ^ f (y )) = f H (x ^ f (x)) = x ^ h(x) = x . ( () Let f0 2 H . We have (cf. exercise 12.1.6): x ^ f0(x) = Wf H (x ^ f (y) ^ f0(x)) = Wf H (x ^ f (x) ^ f0(y)) = x ^ f0(y) ^ h(x) = x ^ f0(y) : Hence h is stable. Next we show: 8 f 2 H f st h. Let f 2 H and x f (x). Since f ext Wh, we have m(h x x ) m(f x x ). On the other hand, since m(h x x ) = m(f x x ^ f (x)), we have 2

0

0

2

0

0

2

0

0

0

2

2

0

0

0

0

f H

0

0

0

2

m(f x x ) = m(f x x ^ f (x)) m(h x x ): 0

0

0

Finally let k be an upper bound of H in the stable order. We show h st k:

m(h x x ) = 0

_

f H 2

m(f x x ^ f (x)) = 0

_

f H 2

m(k x x ^ f (x)) = m(k x x ): 0

0


309

This completes the proof that D !st D is a cpo. Binary compatible glb's exist, and are de ned pointwise: for f g st h, de ne k(x) = f (x) ^ g(x). This is a continuous function by continuity of the glb operation. Let x k(x), and y x. Then we have 0

0

(x k(y) , (m(f x x ) y) and (m(g x x ) y) , m(h x x ) y) 0

0

0

0

since m(f x x ) and m(g x x ) are both equal to m(h x x ) by assumption. Hence m(k x x ) = m(h x x ). Thus k is stable, k st f , and k st g. Finally, suppose k st f g. Then m(k x x ) = m(f x x ) = m(g x x ), hence m(k x x ) = m(k x x ). This completes the proof that k = Wf ^ g (with respect W to the stable ordering). The continuity property f ^ ( H ) = h H (f ^ h) follows from the fact that the operations are de ned pointwise. Binary compatible lub's exist too. Suppose f g st h, and de ne k(x) = f (x)_g(x). The proof that k is stable and is the lub of f g in the stable ordering is completely similar to the proof of directed completeness D !st D . One replaces everywhere uses of the continuity of the glb operation by uses of its distributivity. The distributivity equation follows from the fact that the operations are de ned pointwise. Thus we have proved that D !st D is a distributive meet cpo. We now prove that ev is stable. Consider (f x) and x such that x f (x) = ev (f x). We show that m(ev (f x) x ) = (g z ), where z = m(f x x ) and g = y:x ^ f (y ^ z). (By bounded completeness, all binary glb's exist, thus g is well-de ned and continuous, cf. lemma 12.1.2.) First, z x by de nition. We check g st f . We have (for y y1) 0

0

0

0

0

0

0

0

0

0

0

0

0

2

0

0

0

0

0

0

0

g(y1) ^ f (y) = x ^ f (y1 ^ z) ^ f (y) = x ^ f (y1 ^ z ^ y) = g(y): 0

0

Second, we check x g(z). We actually even have x = g(z): 0

0

g(z) = x ^ f (z ^ z) = x ^ f (z) = x : 0

0

0

Finally, let (f1 x1) (f x) be such that x f1(x1). Then a fortiori x f (x1), hence z x1. Next we show g ext f1: 0

0

g(y) ^ f1(y) = x ^ (f (y ^ z) ^ f1(y)) = x ^ f1(y ^ z) = x ^ f1(y ^ z) ^ f (x1) = x ^ (f (y ^ z) ^ f1(x1)) = (x ^ f1(x1)) ^ f (y ^ z) = g(y) : 0

0

0

0

0

Finally, we prove g st f1 . Let y y1:

g(y1)^f1(y) = x ^f (y1^z)^f1(y) = x ^f1(y1^z)^f (y) x ^f (y1^z)^f (y) = g(y): 0

0

0

This completes the proof that m(ev (f x) x ) = (g z), and hence that ev is stable. 0


310

Next we show that (f )(x) is stable. Let m(f (x x ) x ) = (y y ). We show that m((f )(x) x x ) = y . Since (y y ) (x y ), we have x f (x y ), that is, x (f )(x)(y ). If z x and x (f )(x)(z ), then (y y ) (x z ), and in particular y z . This proves the stability of (f )(x), and also that (f ) is monotonic: if x x1, then 0

0

00

00

0

0

0

0

0

0

00

0

0

00

00

0

0

0

0

0

m((f )(x) x x ) = m((f )(x1) x x ) = y : Finally, we check that (f ) is stable. We show, for g st (f )(x): ^ m((f ) x g) = T where T = fy j y x and g st (f )(y)g: We have to check that g st (f )(V T ). For any x , since g(x ) f (y x ) for any y 2 T , we have by stability (cf. proposition 12.2.2) ^ ^ g(x ) f (y x ) = f ( T x ) 0

00

0

00

0

0

0

0

0

0

0

y T 2

i.e., g ext (f )(V T ). ByV exercise 12.1.7, g st (f )(x) and (f )(V T ) st (f )(x) imply g st (f )( T ). Thus we have established the CCC structure. Finally, we check that is monotonic. Suppose f st g. We rst show (f ) ext (g), i.e., 8 x (f )(x) st (g)(x). Recall that m((f )(x) x x ) = y , where y is the second component of m(f (x x ) x ). Since f st g, we have m(g (x x ) x ) = m(f (x x ) x ). Hence m((f )(x) x x ) = m((g)(x) x x ): Next, suppose y x. We have to check (f )(y) = (f )(x) ^ (g)(y). By the pointwise de nition of binary compatible glb's, this amounts to f (y x ) = f (x x ) ^ g(y x ), which holds since f st g. 2 Exercise 12.2.9 (trace factorisation Tay90b]) Show that trace (f ), ordered by the 0

0

0

0

00

0

00

0

00

00

0

00

0

00

0

0

0

induced componentwise order, is a cpo. Consider the following functions:

: trace (f ) ! D (x x ) = x : trace (f ) ! D (x x ) = x h : D ! trace (f ) h(x) = f(m(f x f (x)) f (x)) j x 2 Dg : (1) Show that a h, i.e., (x1 y1) h(x) , x1 x. (2) A monotonic function f : X ! Y between two partial orders is called a bration if for any pair (x y) such that y f (x), there exists an element ! (f x y ) of D such that: (0) ! (f x y ) x (1) f (! (f x y )) = y (2) 8 z x (f (z ) y ) z ! (f x y )) : Show that : trace (f ) ! D is a stable bration, by which we mean that it is stable, and that it is a bration with ! (f ) as multi-adjoint. (Equivalently, a stable bration 0

0

0

0

0

0

0

0

12.3. DI-DOMAINS AND EVENT STRUCTURES

311

can be de ned as a bration (with ! ), which is stable (with m) and is such that all bers are groupoids, i.e., all subsets f 1 (x) consist of non comparable points.) (3) Show that the sets M of functions with a left adjoint and E of stable brations form a factorisation system for stable functions, by which we mean: (a) Any stable function f factorises as f = h, with h 2 M and 2 E . (b) M and E contain the order-isomorphisms and are closed under composition with order-isomorphisms. (c) For every commuting square g h = l f where h 2 M and l 2 E , there exists a unique stable (called diagonal ll-in) such that l = g and h f . (The unique diagonal

ll-in property allows us to show the uniqueness of the E -M factorisation.) ;

0

0

Exercise 12.2.10 Show that the category of cpo's and stable functions is not cartesian. Hints: consider example (B) in gure 12.1 (ahead). Call this domain D and de ne a pair of functions f : D ! O and g : D ! O such that the pairing fails to be stable.

Exercise 12.2.11 * Develop a theory of stable, partial functions by analogy with the continuous case. Discuss lifting and sum in this framework.

12.3 dI-domains and Event Structures We now address algebraicity. In continuous domain theory, the compact functions are nite lub's of step functions d ! e (cf. proposition 1.4.8). Step functions are stable, but they do not serve as approximations of functions as in the continuous case. In the continuous case, one simply has (d ! e) ext f i e f (d). However it is not true in general that e f (d) (or even m(f d e) = d) implies (d ! e) st f . The point is that for e1 < e, one may have m(f d e1) < d, which precludes (d ! e) st f , since m(d ! e d e1) = d. This suggests to \saturate" our candidate d ! e by forming a lub (d ! e) _ _ (di ! ei) _ , with ei < e and di = m(f d ei). To ensure the niteness of this saturation process, one is lead to assume the following property I , which may be read as \ nite is really nite".

Denition 12.3.1 (dI-domain) Let D be an algebraic cpo. Property I is dened as follows:

(I ) Each compact element dominates nitely many elements. An algebraic, bounded complete and distributive cpo satisfying property I is called a dI-domain.

Exercise 12.3.2 Show that an algebraic domain satis es I i each compact element dominates nitely many compact elements. Hint: for any y x the approximants of y are also approximants of x, hence are nitely many.


312

Clearly, property I implies well-foundedness, hence under the assumption that property I is satis ed stable functions are the same as cm functions. The dI-domains are due to Berry, who showed that they form a cartesian closed category. In fact, distributivity is not needed. We take a concrete approach, based on event structures. An event structure can be perceived as the speci cation of how to build data out of distinct discrete pieces, or events, respecting consistency and causality requirements. These intuitions come from the theory of concurrency, and, indeed, event structures have been investigated in connection with Petri nets. Winskel Win80, Win86] noticed that they could be used for domain theory, and this is what concerns us here. Any event structure generates a cpo, and dI-domains are recast from a subclass of event structures satisfying an axiom corresponding to distributivity.

Denition 12.3.3 (event structure) An event structure (E Con `) (E for short) is given by:

a set E whose elements are called events,

a non-empty predicate Con Pfin(E ), called consistency, satisfying: ( Con ) (X 2 Con and Y X ) ) Y 2 Con :

a relation ` Con E , called the enabling relation if X ` e, we say that X is an enabling of e.

Enablings serve to dene proof trees for events. A proof of an event e is a tree labelled by events, formed recursively as follows. If ` e, then e is a proof of e. If t1 : : : tn are proofs of e1 : : : en, and if fe1 : : : eng ` e, then the tree formed by placing a root labelled with e above t1 : : : tn is a proof of e. A state (or conguration) of an event structure E is a subset x of E which is:

consistent, that is, 8 X n E X 2 Con

safe, that is, for any e 2 x there exists a proof tree for e whose nodes are all in x.

We write D(E Con `) for the collection of states, ordered by inclusion. An event structure is called stable if for any state x, for any X ,Y , and e such that e 2 x, X n x, Y n x, then X ` e and Y ` e ) X = Y . A partial order is called (stable) event domain if it is generated by some (stable) event structure, i.e., if it is isomorphic to D(E Con `) for some (stable) event structure (E Con `).


313

The stability condition on event structures allows us to de ne the glb of two compatible states as their set-theoretic intersection. Proposition 12.3.4 Event domains are Scott domains satisfying property I . The minimum element is the empty state which is indierently written ? or . Stable event domains are dI-domains. Proof. Let E be an event structure. We rst show that D(E Con `) (D for short) is a bounded complete cpo. Let be a directed set of states, and consider its set-theoretic union x. We prove that x is a state. Let X n x. Then, by directedness, X n for some 2 . Hence X 2 Con . Safety is obvious for a union. Let now x y z be states such that x y z. The set-theoretic union of x and y is again a state, by the same argument. The algebraicity of D follows from the observation that nite states are compact, and that every state x is the union of the nite states underlying the proof trees of the events e 2 x. Moreover the compact states are exactly the nite ones, from which property I follows. Let us now assume that E is stable. Distributivity follows from the settheoretic distributivity of intersection over union, since the binary compatible glb of two states is its intersection, thanks to the condition of stability. 2 We shall see that in fact dI-domains and stable event domains are the same (proposition 12.3.10).

Example 12.3.5 Consider E = fe1 e2 e3 e4g, and ` given by ` e1 ` e2 fe1 e2g ` e3 fe1 e2g ` e4: And consider the two following consistency predicates Con 1 and Con 2 , described by their maximal elements: fe1 e2 e3g 2 Con 1 fe1 e2 e4g 2 Con 1 fe1 e2 e3 e4g 2 Con 2 : Then (E Con 1 `) is a stable event structure, and (E Con 2 `) is an event structure which is not stable (consider fe1 e2 e3 e4g).

Where does the consistency predicate and the enabling come from? We let them arise from the consideration of a of a stable function f , viewed as a state (anticipating theorem 12.3.6).

If (d1 e1) (d2 e2) 2 trace (f ) and if d1 d2 d, then e1 e2 f (d). Therefore f(d1 e1) (d2 e2)g should not be consistent if d1 " d2 and e1 6" e2.

If (d1 e) (d2 e) 2 trace (f ) (with d1 6= d2), then d1 6" d2 by de nition of a stable function. Therefore f(d1 e1) (d2 e2)g should not be consistent if d1 " d2, d1 6= d2, and e1 = e2.


314

Let (d e) 2 trace (f ) and e1 < e. Then e1 f (d) implies (m(f d e1) e1) 2

trace (f ). Thus the should be closed under some form of enabling, such that (m(f d e1) e1) occurs in the proof of (d e) in trace (f ) (cf. the discussion on step functions at the beginning of the section.)

Theorem 12.3.6 (event domains - CCC) The category of event domains and stable (or cm) functions is a cpo-enriched CCC.

Proof. We only give the construction of the product and exponent objects. Speci cally, given E and E , we construct E E and E ! E in such a way that D(E E ) is the product of D(E ) and D(E ) in Poset, and that D(E ! E ) = D(E ) !st D(E ). We de ne E E as follows:

The collection of events is the disjoint union of E and E .

Consistency is de ned componentwise: X is consistent i both X \ E and X \ E are consistent.

The enabling relation is the disjoint union of the component enabling rela0

0

0

0

0

0

0

0

0

0

tions. We de ne E ! E as follows:

Events are pairs (x e ) where x is a nite state of E , and e 2 E .

A nite set f(xi ei) j i 2 I g is consistent i 0

0

0

0

0

8 J I fxj j j 2 J g bounded ) fej j j 2 J g 2 Con and 8 i j ei = ej ) (xi = xj or xi 6" xj ): 0

0

0

f(xi ei) j i 2 I g ` (x e ) i 8 i xi x and fei j i 2 I g ` e . Axiom ( Con ) is trivially satis ed. We show that there is an order-isomorphism between D(E ) !st D(E ) ordered by the stable ordering and D(E ! E ) ordered by inclusion. With f : D(E ) !st D(E ) we associate3 trace (f ) = f(x e ) j e 2 f (x) and (y x ) e 62 f (y ))g: We show that trace (f ) is a state. Consider f(xi ei) j i 2 I g trace (f ) and J I such that fxj j j 2 J g has a bound x. Then fej j j 2 J g f (x), hence is 0

0

0

0

0

0

0

0

0

0

0

0

consistent. The second condition follows from the de nition of stable function. As for safety, consider (x e ) 2 trace (f ) and a proof of e in f (x). We can attach to any node e1 in this proof the minimal point under x where f reaches e1. In this way we obtain a proof of (x e ) in trace (f ). 0

0

0

0

0

This denition of trace is a variation of the one given in denition 12.2.1, taylored to event structures. 3


315

That f st g is equivalent to trace (f ) trace (g) is just the de nition of the stable ordering (cf. de nition 12.2.4 see also lemma 12.2.7(3)). The converse transformation is de ned as follows. Given a state z of E ! E , we de ne 0

fun (z)(x) = fe j 9 y (y e ) 2 z and y xg: 0

0

We rst have to check that fun (z)(x) is a state. Its consistency follows from the rst condition in the de nition of higher-order consistency. Its safety follows from the safety of z, noticing that all the nodes in a proof of (y e ) 2 z have the form (y1 e1), with y1 y. The de nition of fun (z) ensures that it is continuous (notice that the y in the right hand side is nite). As for the stability, suppose that y1 and y2 are minimal under x relative to e . Then by the de nition of fun (z), it must be the case that (y1 e ) (y2 e ) 2 z, hence y1 = y2 by the de nition of higher-order consistency. Finally, it is easy to check that trace and fun are inverse bijections. 2 0

0

0

0

0

The distributivity plays no role in the proof of theorem 12.3.6. But it can be added without harm.

Theorem 12.3.7 (dI-domains - CCC) The category dI-Dom 4 of stable event domains and stable functions is a cpo-enriched CCC.

Proof hint. Check that E ! E is stable if E and E are stable. 0

0

2

What we lack at this point are representation theorems, in the style of theorem 10.2.12, giving an abstract order-theoretic characterisation of event domains and stable event domains. Droste Dro89] has provided a representation theorem for event domains (adapted from Win80]). We present this material in the form of a (dicult) exercise, which relies on the following de nition.

Denition 12.3.8 In a partial order, a prime interval is dened as a pair of elements x y such that x y , i.e., x < y and 6 9 z x < z < y. Prime intervals capture the intuition of an event as a discrete increment.

Exercise 12.3.9 * Show that the event domains are the algebraic cpo's which satisfy I as well as the following two axioms on compact elements:

(C ) (x y x z y 6= z y " z ) ) (y _ z exists y y _ z z y _ z ) (S ) x x ] y y ] x y ) x y : 0

0

0

0

In axiom (S), x x ] stands for a prime interval, and stands for the reexive, symmetric and transitive closure of the relation x y ] z y _ z ] (where x y z satisfy the 0

4

This name will be justied by proposition 12.3.10.


316

assumptions of (C)). The idea is to take as events the equivalence classes of prime intervals. Hints: If x y are compact and x y , there exists x = z0 zn y . Such a sequence is called a chain from x to y . If z0 : : : zm and z0 : : : zn are two chains from x to y , then for any equivalence class e of prime intervals ]fi j zi zi+1] 2 eg = ]fj j zj zj +1 ] 2 eg. Show the following implication: x x y y ) :(x x ] y y ]). 0

0

0

0

0

0

0

0

0

If distributivity is assumed, then the characterisation is much friendlier: the stable event domains are exactly dI-domains. Proposition 12.3.10 The following classes of cpo's coincide: 1 : stable event domains 2 : dI-domains 3 : coprime algebraic Scott domains (cf. denition 10.2.1) satisfying I: Proof. (1) ) (2) This is the second statement of proposition 12.3.4. (2) ) (3) Let D be a dI-domain.We use the characterisation given in proposition 10.4.3, and show that the compact elements of D are nite lub's of compact coprime elements. We follow a proof of Zhang Zha91]. We rst claim:

Claim. The compact coprimes are those compact elements that cover exactly

one element. To prove the claim, we notice that by property I , for any compact d, fe j e dg is nite, and if d1 d, d2 d and d1 6= d2, then we must have d1 _ d2 = d, and Whence d is not coprime. Conversely, if d covers exactly one element d1, let d X for a nite bounded X . By distributivity we get d = Wfd ^ x j x 2 X g. Pick x 2 X . If d ^ x 6= d, by property I we can nd an element covered by d above d ^ x, which by assumption means d ^ x d1. Hence at least one d ^ x mustWbe such that d ^ x = d (and hence d is coprime) as otherwise we would have d = fd ^ x j x 2 X g d1. Now we show that any compact element d 6= ? is a lub of nitely many compact coprimes. Consider the tree rooted at d formed by taking as sons of the root all the distinct elements d1 : : : dn covered by d if there are at least two such elements, and continuing so recursively. Notice that di 6= ? for all i, otherwise we would have di = ? d di = ? < dj < d (picking j 6= i): Then d is the lub of all the leaves of the tree, which are coprime since they cover exactly one element. (3) ) (1) Let D be as in (3). We de ne (E `) as follows. E consists of the compact coprime elements of D Con consists of the nite bounded subsets of E fe j e dg ` dfor any d 2 E , i.e., the unique enabling of e is fe j e dg:


317

This is clearly an event structure, and the uniqueness of enablings makes it a fortiori stable. We show that D is order-isomorphic to D(E Con `). To x 2 D we associate g(x) = fe j e compact coprime and e xg: g(x) is consistent since it is bounded, and it is safe since by property I any event has a unique nite proof tree. Conversely, to any state y 2 D(E ConW `) we associate W y which exists by bounded completeness. The composition g is the identity of D by W de nition of coprime-algebraic. If e y, then e e for some e 2 y since e is compact coprime. Then, by the de nition of enabling, e occurs in the proof tree W of e and is therefore in y by safety. Hence g is the identity on D(E Con `). 0

0

0

0

2

Special classes of stable event structures are those of Girard's qualitative domains, and of Girard's coherence spaces. Coherence spaces will be discussed at length in section 13.1. Denition 12.3.11 (qualitative domain) Qualitative domains are event domains all of whose events are initial: `= f` e j e 2 E g. Then, clearly, Con = K(D(E )). If moreover Con is specied by means of a reexive and symmetric relation _ ^, i.e., (X 2 Con , 8 x y 2 X x _ ^ y), then we say that we have a coherence space (see denition 13.1.1). Exercise 12.3.12 Show that the qualitative domains are the dI-domains in which the compact coprime elements p are atomic, i.e., ? p. Exercise 12.3.13 Show that the category of qualitative domains and stable functions is a cpo-enriched CCC.

Exercise 12.3.14 Show that the dI-domains are the distributive cpo's such that the

nite stable projections (see de nition 12.4.2 ahead) form a directed set (with respect to the stable ordering) which has as lub the identity. Use this characterisation to give another proof that the category of dI-domains and stable functions is Wcartesian closed. Hints: consider for each X n K(D) the projection de ned by p(x) = fd^x j d 2 X g proceed as in the proof of proposition 5.2.4.

Exercise 12.3.15 (stable neighborhoods Zha91]) Let D be an !-algebraic meet cpo satisfying property I . (1) Characterise ff 1 (>) j f : D !st Og. (2) Such sets are ;

called stable neighborhoods. Prove that they are closed by intersection but not by union. (3) Show that there is no topology for which the stable functions are continuous. Hint: consider the stable functions from O O to O. There are four possible choices of a topology for O show that for each choice the sets of stable and continuous functions do not coincide. (4) Characterise stable functions as those functions that preserve stable neighborhoods by inverse image.

Exercise 12.3.16 Show that property I may not be preserved by the function space construction with the pointwise ordering. Hints: take (! ! O) ! O de ne fn (x) =

> i x n, and consider the step functions fn ! >.

?


318

Exercise 12.3.17 (1) If D is a complete !-algebraic lattice with property I , show: (D !st O) = K(D) , with the at ordering on K(D). (2) On the other hand, given a at cpo E , show that (E !st O) = (P (E ) ) + O, where + is the coalesced sum ?

?

(cf. de nition 1.4.22).

12.4 Stable Binite Domains * We investigate the stable version of bi niteness. Stable projections are better behaved than the continuous ones. Stable bi nite domains enjoy a characterisation similar to that for bi nite domains (cf. theorem 5.2.7). They lend themselves to a simple theory of retractions. In particular, there is a retraction of all retractions. Also, there exists a universal bi nite domain.

Proposition 12.4.1 Let D be a meet cpo, and let p q : D !st D be such that p q st 0

id. Then: 1 : p q = p ^ q: 2 : p is a projection: 3 : im (p) is downward closed:

Proof. (1) Remark rst that since p and q are bounded their glb exists. Next observe qd d ) p(qd) = pd ^ qd = (p ^ q)(d):

(2) For p = q we obtain from (1): p(pd) = pd ^ pd = pd. (3) d pd ) pd = p(pd ) ^ d = pd ^ d = d 0

0

0

2

Proposition 12.4.1 justi es the following de nition.

Denition 12.4.2 (stable projection) Let D be a meet cpo. A stable function p : D !st D such that p st idD is called a stable projection. If moreover im (p) is nite, p

is called nite. A stable injection-projection pair is an injection-projection pair whose projection is a stable projection.

Now we de ne stable bi nite domains (cf. de nition 5.2.2).

Denition 12.4.3 (stable binite) A meet cpo D is called a stable bi nite domain if the nite stable projections p : D !st D form a directed set which has as lub the identity (in the stable ordering). We call Bif the category of stable bi nite domains and stable functions. ^

Proposition 12.4.4 (stable binites-CCC) 1. Stable bi nite domains are alge-

braic and satisfy property I . The compact elements are those of the form p(x), where p is a nite stable projection. 2. The category Bif of stable bi nites and stable functions is cartesian closed. ^

12.4. STABLE BIFINITE DOMAINS *

319

Proof. Cf. the proof of proposition 5.2.4. (1) The satisfaction of I follows from proposition 12.4.1 (3). (2) All we have to do is to check that if p q are nite stable projections, then both p q and r de ned by r(f ) = x:q(f (p(x))) are stable projection. (d e) (d e ) ) (p(d) q(e)) = (p(d ) ^ d q(e ) ^ e) = (p(d ) q(e )) ^ (d e). We have to show that f st g implies r(f ) = r(g) ^ id , that is, for all d: 0

0

0

0

0

0

qn(f (p(d))) = q(g (p(d))) ^ f (d):

We set (d) = q (f (p(d))) and (d) = q (g (p(d))) ^ f (d). Observe:

f (p(d)) f (d) q st id f (d) g(d) q st id p(d) d f st g

) ) )

q(f (p(d))) = q(f (d)) ^ f (p(d)) q (f (d)) = q(g (d)) ^ f (d) f (p(d)) = f (d) ^ g (p(d)) :

g(p(d)) g(d) q st id

)

(d) = q (g (d)) ^ g (p(d)) ^ f (d):

Therefore: (d) = q (g (d)) ^ f (d) ^ g (p(d)). On the other hand:

2

So (d) = (d).

Exercise 12.4.5 A stable bi nite domain D is called a stable !-bi nite domain if it is

!-algebraic. (1) Show that D is a stable ! -bi nite domain i id is the lub of a countable increasing chain of nite stable projections. (2) Show that the stable ! -bi nite domains form a full sub cartesian closed category of Bif . ^

Characterisation of stable binites.

The main result here is a characterisation of the objects in Bif . Roughly they are algebraic meet cpo's satisfying a combination of properties M (de nition 5.2.6) and I that we call (MI ) . In rst approximation, the combined property (MI ) consists in asking that the iteration of the operator that computes the mub's and the operator that computes the principal ideals on a nite collection of compacts returns a nite collection. It is convenient to decompose property I in simpler properties. ^

1

1

Denition 12.4.6 Let D be a cpo. We de ne the three properties I1 I2, and I3 as follows:

(I1 ) Every decreasing sequence of compacts is nite:

(fxn gn ! K(D) and 8 n 2 ! xn xn+1 ) ) fxn gn ! is nite: 2

2

(I2 ) Every increasing sequence of compacts under a compact is nite:

(fxg fxn gn ! K(D) and 8 n 2 ! xn xn+1 x) ) fxn gn ! nite: 2

2


320

(I3 ) The immediate predecessors of a compact are in nite number:

x 2 K(D) ) pred (x) is nite

where pred (x) = fy 2 D j y xg

Proposition 12.4.7 Let D be an algebraic cpo. Then it has property I i it has properties I1 , I2 , and I3 .

Proof. ()) Observe that fxngn ! and pred (x) are contained in # d (where d is an appropriately chosen compact). (() Let d 2 K(D). First observe that # d K(D). If there is a non Wcompact element x under d, then # x \K(D) is directed since D is an algebraic cpo, and (# x \K(D)) = x. So we can build an in nite strictly ascending chain under d, contradicting I2. Property I2 also implies that pred (d) is complete in the sense that 2

e < d ) 9e

0

2 pred (d) e e < d: 0

Otherwise we can again build a strictly growing chain under d. Now de ne

X0 = fdg

Then:

S

Xn+1 =

fpred (x) j x 2 Xn g Xn:

n ! Xn =# d and 9 n 2 ! Xn 8 x 2 K(D) pred (x) is nite

= Xn (by property I1 ) (by property I3 ): Hence all Xn 's are nite, which implies that # d is nite5 . 2

+1

2

Figure 12.3 presents typical situations where property I fails.

Lemma 12.4.8 1. If D is an algebraic cpo satisfying property I1, then K(D) j= m

(cf. de nition 5.2.6). 2. If D is an algebraic meet cpo such that K(D) j= m, then D is an L-domain (cf. de nition 5.2.11. 3. Stable bi nite domains are L-domains.

Proof. (1) Given any upper bound y of X , there exists a compact y y that is also an upper bound for X . By the property I1 there exists y y such that y 2 MUB (X ). Otherwise we could build an in nite decreasing chain under y . (2) Let A K(D) and x 2 UB (A), and suppose y1 y2 x and y1 y2 2 MUB (A). Then y1 ^ y2 2 MUB (A), which forces y1 = y2 . We then conclude by exercise 5.2.13. 0

00

0

00

0

(3) This follows immediately from (1) and (2), since stable bi nite domains are algebraic and satisfy property I by proposition 12.4.4. 2 5

This is the contrapositive of Konig's lemma adapted to directed acyclic graphs.


321

(A) I1 fails for f?g !, with ! = fn j n 2 !g, ordered as follows:

? minimum

(m n i n m)

(B) I2 fails for ! f1 ag, ordered as follows:

x y i y = a or (y = 1 and x 2 ! f1g) or (x y 2 ! and x y )

(C) I3 fails for ! f? ag, ordered as follows:

8n 2 ! ? n a

Figure 12.3: Failure of property I As a consequence, the operator U (cf. theorem 5.2.7) is idempotent for stable bi nite domains (cf. proposition 5.2.15). This indicates that a more liberal operator than U has to be introduced in order to characterise stable bi niteness in a way similar to the characterisation of bi niteness. We have already exploited the fact that images of projections are downward closed. This should motivate the following de nition.

Denition 12.4.9 (property (MI ) ) Let (P ) be a poset, and let X n P . We 1

set U # (X ) = U (# (X )). Let (U #) (X ) be the least set containing X and closed with respect to the U # operator. We say that X has property (MI ) if (U #) (X ) is nite. If D is an algebraic meet cpo, then we say that D has property (MI ) if 1

1

1

1

8 X n K(D) X has property (MI )

1

:

Let D be an algebraic meet cpo. If D has property (MI ) then it also has property I and property M , as if x y 2 K(D) then 1

# x (U#) (fxg) 1

and U (fx y g) (U #) (fx y g): 1

The converse does not hold: see example 12.4.13.

Theorem 12.4.10 A cpo D is a stable bi nite i D is an algebraic meet cpo with property (MI ) . 1

Proof. Cf. the proof of theorem 5.2.7. ()) If X

n K(D), then X p(D) for some nite stable projection. The argument in the proof of theorem 5.2.7 yields not only U (X ) p(D), but also (U #)(X ) p(D). W (() Let A n K(D), and consider pA de ned by pA (y ) = ((U #) (A)\ # y ). Notice the use of the (U #) operator, instead of U . The fact that B = (U #) (A) is 1

1


322

downward closed serves in establishing pA st id , (A B ) pA st pB ), and that pA is stable. We only check pA st id . Let x y . We check pA (y) ^ x pA (x). Since pA (D) = (U #) (A) is downward closed, we have pA (y ) ^ x 2 (U #) (A), hence pA (y ) ^ x pA(X ) by de nition of pA . 2 1

1

This characterisation of stable bi nites allows us to prove that the category of event domains is a full subcategory of the category of stable bi nites.

Exercise 12.4.11 Show that any event domain is stable bi nite. Hints: In a Scott W domain, all glb's exist, and S U (X ) = f Y j Y n X and Y boundedg, for all nite X . Show that (U #) (X ) X , for any n. 1

We now list without proof some results from Ama91a] towards the goal of a Smyth like theorem: is Bif the maximum cartesian closed full subcategory of ! -algebraic meet cpo's and stable functions? It turns out that properties M , I1 , and I2 are necessary to enforce the ! -algebraicity of function spaces. One can also show that property I3 is necessary under a rather mild hypothesis. The necessity of property (MI ) is still open. In the rst place, a stable version of theorem 5.2.17 holds: in any full subcategory of algebraic meet cpo's if the terminal object, the product, and the exponent exist then they coincide up to isomorphism with the ones de ned in Cpo . The proof is basically the same as in the continuous case. Here is a summary of the results in Ama91a] ^

1

^

If D and D !st D are !-algebraic meet cpo's, then D has properties M , I

1

and

I2 . (Property M is not necessary if we do not ask for the countability of compact elements.)

If D and D !st D are !-algebraic meet cpo's and, for each d 2 K(D), # d !st # d is an ! -algebraic meet cpo, then D has property I3.

The following properties serve as stepping stones in the proof. If D and D !st D are ! -algebraic meet cpo's, then: If d 2 D, then # d is an ! -algebraic lattice. If d 2 K(D) and # d is distributive, then # d is nite. If # d is distributive for each d 2 K(D), then D has property I: Of the two following examples 12.4.12 and 12.4.13, the rst, due to Berry, illustrates a situation where I2 does not hold, while the second shows that M +I does not imply (MI ) . 1

Example 12.4.12 Let D be example (B) from gure 12.3. This domain is a wellfounded chain, hence D !st D = D !cm D = D !cont DW. We claim that any continuous function h such that h(a) = a is compact. If h st K , then _ a = h(a)

fk(a) j k 2 K g

hence a = k(a) for some k 2 K , by compactness of a. We prove the following subclaim:

(h(a) = a k(a) = a h "st k) ) h = k:


323

Indeed, k(x) = k(x) ^ h(a) = k(a) ^ h(x) = h(x). By the subclaim we have h 2 K , which proves a fortiori that h is compact. But the set fh j h(a) = ag is not countable (any monotonic function from natural numbers to natural numbers yields an h in the set, and a diagonalisation argument can be applied). Therefore D ! D, ordered by the stable ordering, is not ! -algebraic.

Example 12.4.13 Let D = f?g !B !T where !B = fnB j n 2 !g and !T = fnT j n 2 ! g, ordered as follows:

? is the minimum nB nT (n + 1)T (n 0) nB (n ; 1)T (n 1) :

Observe that (U #) (fiT g) = D and that iT is compact. If D were bi nite there would exist a nite stable projection pn such that pn (iT ) = iT , which implies (U #) (fiT g) im (pn ). Contradiction. As a matter of fact this example also shows that the iteration of the U # operator does not need to collapse at any nite level. 1

1

Example 12.4.13 also serves to illustrate the case of a compact function with an in nite trace. Let D be as in this example. Clearly trace (id D ) is in nite. We show that id D (id for short) is a compact element of the functional space. We write f =k id if 8 i k f (iB ) = iB and f (iT ) = iT . We rst claim: f =k id f st id ) f =k+1 id : This follows from f st g (k + 1)B kT ) f ((k + 1)B ) = kT ^ (k + 1)B = (k + 1)B (f ((k + 1)T ) = (k + 1)T is proved similarly). kB f ((k + 1)T ) : f st g kB (k + 1)T ) kB = f (kB ) = f ((k + 1)T ) ^ kB : (k + 1)B f ((k + 1)T ) : (k + 1)B = f ((k + 1)B ) f ((k + 1)T ): f ((k + 1)T ) (k + 1)T : This follows obviously from f st id . Applying the claim repetitively, we Wget that if f =0 id (and f (?) = ?) and f st id , then f = id . Suppose now that id = (cf. remark 12.4.20). Then we may choose f 2 such that f =0 id , hence f = id , and id is compact.

A retraction of all retractions.

Scott Sco80] has shown that the collection of nitary retractions (cf. de nition 7.4.1) over a bounded complete algebraic cpo D is the image of a nitary retraction over the space D !cont D of continuous functions. In the stable case Berardi Ber91] was apparently the rst to observe that when working over dI-domains the image of a stable retraction is still a dI-domain. It was then possible to adapt Scott's technique to show that the set of retractions over a dI-domain is itself the (image of a) retraction. We shall give the corresponding of Berardi's result for stable bi nites. The proof exploits the fact that stable bi nites can be described as directed colimits of stable projections. A retraction of all retractions serves to provide a model for a type theory with a type of all types (see exercise 11.3.5).

324


Proposition 12.4.14 Let D be a stable bi nite and rD be a stable retraction over D. Then r(D) is a stable bi nite.

Proof. Let p : D !st D be a nite projection. De ne q = r p r. We have q st r id r = r moreover im (q ) is nite. Moreover, since the lub of the p's is id , the lub of the q 's is r. 2 We give a simple proof of the fact that the collection Ret (D) of the stable retractions over a stable bi nite D is a retract of its functional space D !st D. The keyvault of the construction is to observe that given f : D !st D, with im (f ) nite, there is a natural way to associate to f a retraction, namely iterate f a nite number of times. First we recall a simple combinatorial fact. Lemma 12.4.15 Let X be a set and let f : X ! X , with im (f ) nite. Then ]ff k j k 1g \ Ret (X ) = 1. Proof. First observe 8 k 1 im (f k+1) im (f k ). Since im (f ) is nite the following h is well de ned: h = minfk 1 j im (f k+1 ) = im (f k )g. Hence the restriction of f to im (f h ) is a permutation (being a surjection from im (f k ) onto itself). Let n = ]im (f h ): then (f h )n! is the identity on im (f h ), and therefore is a retraction over X . As for the uniqueness observe that if f i f i = f i and f j f j = f j for i j 1 then f i = f ij = f j .

2

Lemma 12.4.16 Let D be a stable bi nite domain. Then for any f : D !st D and any p st id:

]f(f p f )k j k 1g \ Ret (D) = 1: Proof. The niteness of im (p) implies the niteness of im (f p f ) f (im (p f )), and the conclusion then follows from lemma 12.4.15. 2 Lemma 12.4.17 If D is a meet cpo, then Ret (D) is a meet cpo (with the order induced by D !st D). Proof. Analogous to the continuous case. 2 Theorem 12.4.18 Given a stable bi nite D the collection Ret (D) of stable retractions is a retract of the functional space D !st D. Proof. In the hypotheses of lemma 12.4.16 we write fp = f p f kp = ]im (p)! : Note that kp is a multiple of the least k such that fpk 2 Ret (D), and is independent from f . The crucial remark is that r 2 Ret (D) ) rp 2 Ret (D) because by the de nition of stable order, for any x: rp st r r = r rp(x) r(x) ) rp(rp(x)) = rp(r(x)) ^ r(rp(x)) = rp(x):


325

Notice that the form of fp has been precisely chosen to have rp(rd) = rpd and r(rpd) = rpd. We de ne : (D !st D) !st Ret (D) as follows:

(f ) =

_

p

st

id

(fp )kp :

We check that this de nition is correct. First, we observe, for p st q : (fp )kp = (fp )kp kq st (fq )kp kq = (fq )kq :

It follows that f(fp)kp j p st id g is directed. Hence (f ) is de ned and is a retraction, since the join of a directed set of retractions is a retraction. Also, is a retraction, because _ kp _ r 2 Ret (D) ) (r) = (rp) = rp = r r = r: p

st

p

id

id

st

Next we show that preserves binary compatible glb's. Suppose f g st h. Since the composition operation is cm (cf. exercise 12.1.11), we have W k (f ^ g ) = W = Wp st id (fp ^ gp)kp W p st id ((f ^ g )p) p W = p st id (fp )kp ^ (gp)kp = ( p st id (fp )kp ) ^ ( p st id (gp)kp ) = (f ) ^ (g ) : It remains to show that preserves directed sets. Let H be a directed set in D !st D. We have W W ) p (W H ) = W (h p h) = W h (W H )p = ( H W p p h H h H p ( h H hp )kp = h H (hp)kp : Hence

2

2

_

( H ) =

2

_ _

p

st

2

id

(( H )p)kp =

_ _

p

st

id h2H

(hp )kp =

_ _

h Hp 2

st

id

(hp)kp =

_

h H

(h):

2

2

Exercise 12.4.19 1. Let D be a meet cpo and suppose that p is a stable projection.

Show that if D is an (! -)algebraic meet cpo (stable bi nite) then im (p) is an (! )algebraic meet cpo (stable bi nite). 2. Show that if D is a stable bi nite then Prj (D) =# (id D ) is a stable bi nite and a lattice.

Exercise 12.4.20 Show that the identity is always a maximal element in the stable ordering. (In particular, the only stable closure is the identity.)

Exercise 12.4.21 Let D be the cpo of example 12.1(A). Show that it is not the case that Prj (D) is (the image of) a projection of D de ned by

p1 (x) =

(

a

?

if x a otherwise

p2(x) =

(

b

?

!st

if x b otherwise

D. Hints. Consider p1 p2 f f (x) =

(

d if x = c x otherwise :


326

Show that p1 p2 are stable projections, that f is stable, and that p1 p2 st f . Suppose that : (D !st D) !st Prj (D) is a projection. Then p1 p2 st (f ) st f . Derive a contradiction by showing that there is no stable projection p such that p1 p2 st p other than id, using that MUB (fa bg) = fc dg.

We end the section with a brief account of universality in the stable bi nite framework DR93].

Proposition 12.4.22 Let Bif

^

ips be the category whose objects are the ! -algebraic

cpo's which are stable bi nite domains and whose arrows are the stable injectionprojection pairs (notation: (i j ) : D !ip s D ). The following properties hold: 1. Bif ips is an ! -algebroidal category and the collection of compact objects has the amalgamation property. 2. Bif ips has a universal homogeneous object. 0

^

^

Proof hint. (1) The proof follows the pattern of the one for the continuous case. Let

us just show that Bif ips has the amalgamation property. Consider three nite posets (E ) (D1 1 ) (D2 2 ) with functions (h+i hi ) : E !ip s Di, (i 2 f1 2g), in Bif ips . Without loas of generality we may assume E = D1 \ D2. Then ^

;

^

8 e e 2 E e e , (e e and e e ): Now we de ne the amalgam as F = E (D nE ) (D nE ). It is helpful to recall that 0

0

1

1

E is downward closed in Di, so we de ne: f F f , 9 i 2 f1 2g f f

0

2

0

2

2 Di and f i f : We are left with the de nition of the morphisms (ki ki ) : Di !ip s F (i 2 f1 2g). 0

0

0

+

Take the inclusions for ki . De ne: +

k1 (f ) =

(

;

;

f if f 2 D1 h2 (f ) otherwise : ;

k2 is de ned symmetrically. ;

2

(2) By theorem 7.3.11.

Exercise 12.4.23 Prove that Cpo has limits of !op -diagrams. By analogy with what was done in chapter 7, study the representation problem of the functors over Bif ips as ^

^

stable function over Prj (U ), where U is some universal (homogeneous) domain. Show that product and exponent are representable.

12.5 Connected glb's * Following Taylor Tay90a], we focus on a characterisation of stable functions by the property of preservation of all connected glb's. This leads to another cartesian closed category of stable functions, exploiting a dierent kind of distributivity (of connected

12.5. CONNECTED GLB'S *

327

glb's over directed lub's), whereas in the previous section we had focused on distributivity of binary glb's over binary compatible lub's. In section 12.6, we investigate the objects of the latter category in more depth. First we introduce the notions of connected set and of connnected meet cpo. These notions are related with those of L-domain and of continuous dcpo investigated in chapter 5.

X is connected if for any two points x y of Y there exists a zigzag between them in Y , that is, x = z0 ? z1 ? ? zn = y , where ? stands for or , and where zi 2 Y for all i. Denition 12.5.1 (connected) Let X be a partial order. We say that Y

The notion of zigzag induces a natural equivalence relation over any subset Y X : for x y in Y , write x y if there exists a zigzag from x to y in Y . The equivalence classes for this relation can be seen as the disjoint connected components of Y .

Proposition 12.5.2 If X is a connected partial order, then its Alexandrov topology

is locally connected, i.e., every open is a disjoint union of connected opens. If D is a connected dcpo, then its Scott topology is locally connected.

Proof. First note that if Y is upper closed, then the connected components are also upper closed, and that if X is a cpo and if Y is Scott open, then the connected

components are also Scott open. Let U V be opens such that U \ V = and Y U V . Suppose that x = z0 ?z1 ? ?zn = y is a zigzag in Y from x 2 U to y 2 V . Let i be such that zi 2 U and zi+1 2 V . Then, since U V are upper closed, either zi 2 V or zi+1 2 U , contradicting U \ V = . Conversely, if Y cannot be divided in components, then it has only one equivalence class for the zigzag relation, i.e., it is connected in the graph-theoretic sense. 2 Lemma 12.5.3 A partial order X has compatible binary glb's i any zigzag, viewed as a collection of points, has a glb. Proof. By induction on the length of the zigzag, in the notation of de nition 12.5.1. If the last ? is , then clearly z0 ^^ zn = z0 ^^ zn 1 if it is , then z0 ^^ zn 1 and zn both have zn 1 as an upper bound, hence z0 ^ ^ zn = (z0 ^ ^ zn 1 ) ^ zn exists. 2 Denition 12.5.4 In a partial order X , a multilub of a subset Y X is a set J of upper bounds of Y that is multiversal, i.e., such that any upper bound x of Y dominates a unique element of J . ;

;

;

;

Proposition 12.5.5 For a partial order, the following properties are equivalent: 1 : All compatible binary glb's and codirected glb's exist: 2 : All connected glb's exist: 3 : All # x's have all glb's: 4 : All # x's have all lub's: 5 : All subsets have multilub's: We call such partial orders L partial orders.


328

Proof. (1) ) (2) Let Y X be connected. Let Z be the set of the glb's of all nite zigzags in Y (Z is well de ned by lemma 12.5.3). Clearly, if Z has a glb, then its glb is also the glb of Y . Thus it is enough to show that Z is codirected. Let z0 ^^ zn 2 Z and z0 ^ ^ zn 2 Z . Then by connectedness one may build a zigzag between zn and z0. Then the glb of the zigzag obtained by joining these three zigzags is in Z and is a lower bound of z0 ^ ^ zn and z0 ^ ^ zn . (2) ) (3) Let Y # x. Then Y fxg is connected, hence has a glb in X , which is the same as the glb of Y (this includes the limit case Y = ). (3) ) (1) Let x1 x2 be a bounded pair. Its glb exists in # x, for any upper bound x of x1 x2, and is their glb in X . For codirected glb's, notice that if Y is codirected, and x 2 Y , then Y and Y \ # x have the same glb if any. 0

0

0

0

0

0

0

(3) , (4) For a partial order, having all glb's is equivalent to having all lub's. (4) ) (5) LetW Y X . Consider the W collection Z of all upper bounds of Y . We form the set J = f z Y j z 2 Z g, where z denotes a lub taken in # z . Clearly, this is a set of bounds of Y , and by construction every upper bound z 2WZ of Z Wdominates Wzupper W z 1 are left to show the uniqueness: if z W Y , then z1 Y z YWsince Wz1YY 2isJ .anWeupper boundW of Y in # z . Next, z1 z Y follows, since z1 z1 Y . W W z z z Finally we have Y 1 Y (whence the uniqueness), since since Y is an upper bound of Y in # z1 . (5) ) (4) Obvious. 2 The terminology of L partial order is in accordance with that of L-domain (cf. de nition 5.2.11), as shown in exercise 12.5.6.

Exercise 12.5.6 (1) Show that a cpo is an L partial order i all its nite subsets

have multilub's. (Hint: use characterisation (5) of proposition 12.5.5.) (2) Show that, relaxing the niteness assumption, proposition 5.2.15 provides a sixth characterisation of L partial orders.

Proposition 12.5.7 1. Let D and VD be cpo's, and V lef fV: D ! D be stable. Then 0

0

for any connected X D such that X exists, f ( X ) = f (X ). 2. If all connected glb's exist, the stable functions are exactly the continuous functions preserving connected glb's.

Proof. (1) f (V X ) is a lower bound of f (X ) by monotonicity. Suppose that z f (X ). We show that all m(f x z )'s are equal, for x ranging over X . This follows obviously from the fact that for two comparable x1 x2, we have (f x1 z ) = m(f x2 z ). V X mand Let z stand for this common value. Then we have z z f (z). Therefore V z f ( X ). 0

0

0

0

0

0

(2) This follows from proposition 12.2.2, observing that the preservation of the glb of a bounded set M can be rephrased as the preservation of the glb of the connected set M fxg, where x is an upper bound of M . 2

12.5. CONNECTED GLB'S *

329

To get cartesian closedness, similarly to the cm case, a property of distributivity (or continuity of glb's) is required, namely that connected glb's distribute over directed lub's. Equivalently, the domains are required to be continuous L-domains (see section 12.6).

Denition 12.5.8 (connected meet cpo) A connected meet cpo is a cpo which is an L partial order such that connected glb's distribute over directed lub's, that is, if fj gj J is an indexed collection of directed sets, and if fW j j j 2 J g is connected, then ^_ _ ^ 2

j J

( j ) =

2

f

j J

xj j fxj gj

2

J

2 j J j g: 2

2

Theorem 12.5.9 (continuous L-domains - CCC) The category CLDom6 of connected meet cpo's and stable functions is a cpo-enriched CCC.

Proof. The composition of two stable functions is stable, because a monotonic func-

tion maps connected sets to connected sets. As for cm functions and stable functions, directed lub's and binary compatible glb's of stable functions areWde ned pointwise. Let H dir D !st D . The lub of H is h de ned by h(x) = ff (x) j f 2 H g. We check that h is stable. Let X = fxi j i 2 I g be connected: 0

W (f (V X )) hV(V X ) = V f HW WV i I h(xi ) = i I ( f H f (xi )) = f i I fi (xi ) j ffi gi 2

2

2

2

I

2

2

2 i I H g : 2

The distributivity gives us too many glb's: we are only interested in the families ffi g which are constant. We cannot use the same argument as in the cm case, because we do not have an upper bound available for a family like ffi g . We claim:

^

ffi (xj ) j i j 2 I g (= ^ fi(^ X )): i I i I V The claim V can be reformulated as 8 i j i I fi (xi ) fi (xj ): For xed i, we prove the inequality i I fi (xi) fi (xj ) by induction on the length of the zigzag V from xi to xj . Let xk be the point preceding xj in the zigzag. Thus by induction i I fi (xi ) fi (xk ). fi (xi) =

^

2

2

2

2

2

There are two cases:

xk xj : Vi I fi(xi) fi(xj ) follows obviously by monotonicity. xj xk : Let f 2 H be such that fi fj f . We have fi (xj ) = fi(xk ) ^ f (xj ) fi (xk ) ^ fj (xj ): 2

Using induction, we get

^

i I

fi (xi ) fi (xk ) ^ fj (xj ) fi (xj ):

2

6

This name will be justied by theorem 12.6.6.


330

Turning back to the stability of h, we are left to show:

_

^

f H

(f ( X )) =

_^ ^

f

i I

2

fi ( X ) j ffi gi

I

2

2 i I H g: 2

2

() Take the constant family f . V V W V W V () i I fi ( X ) i I fi ( X ) f H (f ( X )). V Let K be a connected subset of D !st D. Its glb k is de ned by k(x) = f K f (x). k is stable: the preservation of glb's is obvious, but the continuity requires a proof, W which is somewhat dual to the proof of stability of H . We write K = ffi j i 2 I g. 2

2

2

2

W ) = V (W f ()) = WfV f ( ) j f g i i i I i i Wk(k() Wi I i = k( ) : We claim: ^ ^ ^ 2

I

2

2

2 i I g 2

2

ffj ( i) j i j 2 I g (= k( i)): i I V The claim V can be reformulated as 8 i j i I fi ( i ) fj ( i ). For xed i, we prove the inequality i I fi ( i ) fj ( i ) by induction on the length of the zigzag V from fi to fj . Let fk be the point preceding fj in the zigzag. Thus by induction i I fi ( i ) fk ( i ). i I

fi( i) =

2

2

2

2

2

There are two cases: fk fj : Vi I fi( i) fj ( i) follows obviously by monotonicity. fj fk : Let 2 such that i j . We have 2

fj ( i) = fk ( i) ^ fj ( ) fk ( i ) ^ fj ( j ):

Using induction, we get

^

i I

fi ( i ) fk ( i ) ^ fj ( j ) fj ( i):

2

Turning back to the continuity of k, we are left to show:

_

2

k( ) =

_^

f

i I

k( i ) j f igi

2

I

2 i I g: 2

2

() Take the constant family . V W W () i I k( i ) i I k( i ) k( ). 2

2

2

k is a lower bound of K : Let x y, and let f 2 K . We have to prove that z f (x) k(y) implies z k(x), i.e., z f (x) for all f 2 K . It is enough to check this for f st f or f st f : f st f : then a fortiori f ext f , hence z f (x) f (x). f st f : then a fortiori z f (x) f (y), hence z f (x) ^ f (y) = f (x). 0

0

1

0

1

0

1

1

0

1

1

0

0

1

0

0

1

1

0

1

1

12.6. CONTINUOUS L-DOMAINS *

331

k is the greatest lower bound of K : Suppose k st K . We show k st k. Let x y, and let f 2 K : k(x) ^ k (y ) = k(x) ^ f (x) ^ k (y ) = k(x) ^ k (x) = k (x). 2 1

0

1

0

1

1

1

1

Summarizing, we have obtained cartesian closure for two categories of stable functions exploiting two dierent sorts of distributivity: the (compatible) distributivity of binary meets over binary joins, and the distributivity of connected glb's over directed lub's, respectively. The proof techniques are quite dierent too, since Berry's proof uses the de nition of stability through minimal points, while in Taylor's category the techniques used for meet cpo's and cm functions are extended to the connected glb's. Exercise 12.5.10 Show that a dI-domain satis es the distributivity of connected glb's over directed lub's. Hint: go through stable event structures.

12.6 Continuous L-domains * In this section we show that connected meet cpo's can be alternatively presented as continuous L-domains. We call continuous lattice a partial order which is both a complete lattice and a continuous cpo (cf. de nition 5.1.1). We rst investigate some properties of continuous lattices. Recall example B.5.3: if X Y are partial orders which have all glb's (i.e., are complete lattices), a monotonic function f : X ! Y has a left adjoint i f : X ! Y preserves all glb's.

Remark 12.6.1 The complete lattice assumption V in example B.5.3 can be weakened to the requirement that the glb's of the form involved in the proof.)

fz j y f (z)g exist. (They are the ones

Remark 12.6.2 Stable functions do not preserve enough glb's to have a left adjoint:

the set fz j y f (z )g is not bounded in general, nor connected. But stable functions preserve enough glb's to be characterised as having a multi-adjoint (cf. de nition 12.2.1). Indeed, the proof of proposition 12.2.2 is a variation of the proof of example B.5.3.

We shall apply example B.5.3 to (subclasses of) continuous dcpo's. First we characterise continuous dcpo's by an adjunction property.

Proposition 12.6.3 A dcpo D is continuous i W : Ide (D) ! D has a left adjoint. Proof. (() Call g the left adjoint of W. For any ideal I and any x we have: x W I

i g (x) I . We show that g (x) =+ (x). + (x) g(x): We have x W g(x) by adjointness. Hence if y ! x, we have y 2 Wg (x) by de nition of ! and of ideal. Thus + (x) = g (x) is directed, and x = (+ (x)) since x dominates + (x). g(x) + (x): If y 2 g(x), then for any idealW I such that x W I we have y 2 I . Hence for any directed such that x , we have y for some 2 , which means exactly y ! x.


332 ()) Obvious.

2

Proposition 12.6.4 A complete lattice D is continuous i arbitrary glb's distribute over directed lub's, that is, if fj gj J is an indexed collection of directed sets, then 2

^_

j J

( j ) =

_ ^

f

2

j J

xj j fxJ gj

2

J

2 j J j g: 2

2

Proof. We rst show that idealsTare closed under intersection. Let fIj gj J be a collection Take x1 x2 2 j J TIj . In each Ij we can pick yj x1 x2. Then V y is ofanideals. upper bound for x1 x2 in j J Ij . j j J W By proposition 12.6.3 and example B.5.3, D is continuous i preserves the intersection of ideals. Hence D is continuous i _\ ^_ Ij = ( Ij ) for any fIj gj J 2

2

2

2

j J 2

2

j J 2

which is equivalent to the equality of the statement since T j J j g = j J # (j ). 2

# fVj J xj j fxJ gj J 2 2

2

2

2

We can require less glb's. Indeed, connectedness suces to make the above proof work. We now adapt proposition 12.6.4 to L-domains, i.e., L partial orders which are complete (cf. de nition 5.2.11).

Lemma 12.6.5 W Let D be an L-domain. If TfIj gj J is an indexed collection of ideals of D, and if f Ij j j 2 J g is connected, then

Proof. Take x1 x2 2 Tj J Ij , and pick yj

2

j J Ij is an ideal. 2

x1 x2 in each Ij . We show that the collection fyj gj J is connected. Indeed, for any j1 j2 2 J , we have 2

2

yj1

_

_

Ij1 ? ? Ij2 yj2 : V T Hence j J yj exists, and is a bound for x1 x2 in j J Ij . 2 Theorem 12.6.6 An L-domain D is continuous i it is a connected meet cpo. Proof. We adapt the proof of proposition 12.6.4. We know that D is continuous i W 2

2

preserves the intersection of ideals, provided \enough" of these intersections exist: by W remark 12.6.1,W we have to check that fI j y W I g satis es the conditions of lemma 12.6.5: y =W (# y ) implies # y 2 fI j y I g, from which theVconnectedness of W W T W f I j y I g follows. Therefore D isWcontinuous i ( j J Ij ) = j J ( Ij ) for any collection fIj gj J of ideals such that f Ij j j 2 J g is connected. This isWequivalent to the following property for any collection of directed sets j such that f j j j 2 J g is connected: _ ^ f xj j fxj gj J 2 j J j g = ^ (_ j ) 2

2

2

j J

2

2

j J

V W provided the glb's Wj J xj in the equality exist. Since f j j j 2 J g is connected, we also have that f j j 2 J g fx j j 2 J g is connected, and its glb is the glb of 2

2

fxj j j 2 J g.

j

2

j

2

12.6. CONTINUOUS L-DOMAINS * (1) (1') (2) (3)

meet cpo's and cm functions distributive meet cpo's and cm functions distributive meet cpo's and stable functions connected meet cpo's and stable functions Domains satisfying I (stable = cm)

(4) stable bi nite domains axiomatised via:

nite stable projections

property (MI ) (5) event domains axiomatised via:

event structures (concrete)

I , (C), (S) (abstract) (6) dI-domains axiomatised via:

d I (abstract)

coprime algebraic + I (abstract)

bounded complete + nite projections (abstract)

coprime event structures (concrete)

stable event structures (concrete) (7) qualitative domains (8) coherence spaces 1

8 (5) (4) (exercise 12.4.11) (1) >> < ) (1) (8) (7) (6) > (1 >: (2) 0

(3) (exercise 12.5.10)

Figure 12.4: CCC's of stable and cm functions

333

334


Chapter 13 Towards Linear Logic Girard's linear logic Gir87] is an extension of propositional logic with new connectives providing a logical treatment of resource control. As a rst hint, consider the linear -terms, which are the -terms de ned with the following restriction: when an abstraction x:M is formed, then x occurs exactly once in M . Linear -terms are normalised in linear time, that is, the number of reduction steps to their normal form is proportional to their size. Indeed, when a -reduction (x:M )N occurs , it involves no duplication of the argument N . Thus all the complexity of normalisation comes from non-linearity. Linear logic pushes the limits of constructivity much beyond intuitionistic logic, and allows in particular for a constructive treatment of (linear) negation. A proper proof-theoretic introduction to linear logic is beyond the scope of this book. In this chapter, we content ourselves with a semantic introduction. By doing so, we actually follow the historical thread: the connectives of linear logic arose from the consideration of (a particularly simple version of) the stable model. In section 13.1, we examine stable functions between coherence spaces, and discover two decompositions. First the function space E ! E is isomorphic to a space (!E ) ( E , where ( constructs the space of linear functions, and where ! is a constructor which allows reuse of data. Intuitively, linear functions, like linear terms, can use their input only once. On the other hand, the explicit declaration of reusability ! allows to recover all functions and terms. The second decomposition is the linear version of the classical de nition of implication: E ( E is the same as E } E , where is the negation of linear logic and where } is a disjunction connective (due to resource sensitiveness, there are two dierent conjunctions and two dierent disjunctions in linear logic). In section 13.2, we introduce the categorical material needed to express the properties of the new connectives. We introduce a sequent calculus for linear logic, and we sketch its categorical interpretation. In the rest of the chapter, we investigate other models in which linear logic can be interpreted. In section 13.3, we present Bucciarelli-Ehrhard's notion of strong stability, and Ehrhard's model of hypercoherences BE94, Ehr93]. Strongly stable 0

0

0

?

0

?

335

336

CHAPTER 13. TOWARDS LINEAR LOGIC

functions provide an extensional (although not an order-extensional) higher-order lifting of rst-order sequentiality (cf. section 6.5). A non-extensional treatment of sequentiality, where morphisms at all orders are explicitly sequential, and in which a part of linear logic can also be interpreted, is oered in chapter 14. In section 13.4 we present the model of bistructures, which combines the stable order of chapter 12 and the pointwise order of chapter 1 in an intriguing way CPW96]. Finally, in section 13.5, we show that also Scott continuous functions lend themselves to a linear decomposition based on the idea of presentations of (Scott) topologies Lam94]. Summarizing, linear logic cuts accross most of the avours of domain theory met in this book: continuity, stability, and sequentiality.

13.1 Coherence Spaces Coherence spaces oer an extremely simple framework for stability. They were briey mentioned in section 12.3. Denition 13.1.1 (coherence space) A coherence space (E _ ^) (E for short) is given by a set E of events, or tokens, and by a binary reexive and symmetric relation _ over E . E is called the web of (E _ ^ ^), and we sometimes write _ E = j(E ^)j. A state (or clique) of E is a set x of events satisfying the following consistency condition: 8 e1 e2 2 x e1 _ ^ e2: We denote with D(E ) the set of states of E , ordered by inclusion. If (E _ ^) is a coherence space, its incoherence1 is the relation ^ dened by _ e1 ^ _ e2 , :(e1 _ ^ e2) or e1 = e2: Clearly, coherence can be recovered from incoherence: e1 _ ^ e2 , :(e1 ^ _ e2) or e1 = e2: Since a coherence space E is a special case of event structure (cf. de nition 12.3.11), we already know from proposition 12.3.4 that D(E ) is a dI-domain whose compact elements are the nite states, whose minimum is ? = , and whose bounded lub's are set unions. Denition 13.1.2 We call Coh the category whose objects are coherence spaces and whose homsets are the stable functions:

CohE E ] = D(E ) !st D(E ): 0

0

Notice that the incoherence is not the complement of the coherence, since the coherence and the incoherence are both reexive. 1

13.1. COHERENCE SPACES

337

Proposition 13.1.3 The category Coh is cartesian closed. Proof. The category Coh can be viewed as a full subcategory of the category of

dI-domains, and the following constructions show that the terminal dI-domain is a coherence space, and that the products and the exponents of coherence spaces are coherence spaces.

1 = ( )

The events of E E are either either e:1, with e 2 E , or e :2, with e 2 E (with an explicit notation for disjoint unions), and the coherence is (e1:i) _ ^ (e2:j ) , i 6= j or (i = j and e1 _ ^ e2): 0

0

0

0

The events of E ! E are pairs (x e ), where x is a nite state of E , and where e 2 E , and the coherence is (x1 e1) _ ^ (x2 e2) , (x1 " x2 ) (e1 _ ^ e2 and (x1 6= x2 ) e1 6= e2))): 0

0

0

0

0

0

0

0

0

0

2

The proposition thus follows as a corollary of theorem 12.3.6.

The key observation that served as a starting point to linear logic is that the dissymetry in the pairs (state,event) indicates that ! should not be taken as primitive. Instead, Girard proposed a unary constructor ! and a binary constructor ( such that E ! E = (!E ) ( E . Denition 13.1.4 (linear exponent { coherence spaces) The linear exponent E ( E of two coherence spaces E and E is the coherence space whose events are the pairs (e e ) where e 2 E and e 2 E , and whose coherence is given by (e1 e1) _ ^ (e2 e2) , (e1 _ ^ e2 ) (e1 _ ^ e2 and (e1 6= e2 ) e1 6= e2))): Lemma 13.1.5 In E ( E , the following equivalences hold (and thus may alternatively serve as denition of coherence): (1) (e1 e1) _ (e2 e2) , (e1 _ e2 ) e1 _ e2) and (e1 ^ e2 ) e1 ^ ^ ^ ^ _ _ e2 ) ^ _ ^ (2) (e1 e1) _ (e2 e2) , e1 ^ e2 and e1 _ e2 : Proof. The equivalence (1) is clearly a rephrasing of the equivalence given in de nition 13.1.4 (turning (e1 ^ _ e2 ) e1 ^ _ e2) into :(e1 ^ _ e2) ) :(e1 ^ _ e2)). We next show that (2) is equivalent to (1). We have, by successive simple Boolean manipulations: :((e1 _ ^ e2 ) e1 _ ^_e2) and (e1 ^ _ê2 ) e1 ^ _ e2)) _ , (e1 ^ e2 and :(e1 ^ e2)) or (e1 _ e2 and :(e1 ^ _ e2)) ^ ^ _ _ , e1 ^ e2 and (:(e1 ^ e2) or (e1 _ e2 and :(e1 _ e2))) , e1 _ ^ e2 and e1 ^ _ e2 and (:(e1 _ ^ e2) or :(e1 ^ _ e2)) : 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0


338

We next observe: e1 _ ^ e2 and e1 ^ _ e2 ) ((e1 e1) = (e2 e2) or :(e1 _ ^ e2) or :(e1 ^ _ e2)): which we use as follows: (e1 e1) ^ _ (e2 e2) , ((e1 e1) = (e2 e2) or :((e1 e1) _ ^ (e2 e2)) e1) = (e2 e2) or , ((ee11_ e2 and e1 ^ e2 and (:(e1 _ e2) or :(e1 ^ ^ _ ^ _ e2))) _ ^ , e1 ^ e2 and e1 _ e2 : 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

2

The states of E ( E are in one-to-one correspondence with the linear functions from D(E ) to D(E ), which we de ne next. Denition 13.1.6 (linear function) Let (E _ ^) and (E _ ^) be two coherence spaces. A stable function f : D(E ) ! D(E ) is called linear if f (?) = ? and 8 x y (x " y ) f (x _ y) = f (x) _ f (y)) : We write D(E ) !lin D(E ) for the set of linear functions from D(E ) to D(E ). Proposition 13.1.7 Let E and E be coherence spaces. A stable function f : D(E ) ! D(E ) is linear if and only its trace (cf. theorem 12.3.6) consists of pairs of the form (feg e ). Hence we freely write, for a linear function: trace (f ) = f(e e ) j e 2 f (feg)g Moreover, trace is an order isomorphism from D(E ) !lin D(E ) (ordered by the stable order) to D(E ( E ) (ordered by inclusion). Proof. ()) Let f be linear, and let (x e ) 2 trace (f ), and suppose that x is not a singleton. If x = ?, then e 2 f (?), and this violates f (?) = ?. Otherwise, since in a coherence space any subset of a state is a state, x can be written as x1 x2, with x1 x2 < x. Then e 62 f (x1) and e 62 f (x2) by de nition of a trace, therefore e 62 f (x1) f (x2) = f (x1) _ f (x2), violating f (x) = f (x1 _ x2) = f (x1) _ f (x2). (() Suppose that f (?) 6= ?, and let e 2 f (?). Then (? e ) 2 trace (f ) by de nition of a trace, violating the assumption on trace (f ). Suppose that x1 " x2, and let e 2 f (x1 x2). Then there exists (feg e ) 2 trace (f ) such that feg (x1 x2), which obviously implies feg x1 or feg x2, and therefore e 2 f (x1) or e 2 f (x2). Finally, the isomorphism D(E ) !lin D(E ) = D(E ( E ) follows from the observation that a set of pairs (e e ) is a state of E ( E i f(feg e ) j (e e ) 2 g is a state of E ( E . 2 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

13.1. COHERENCE SPACES

339

Remark 13.1.8 A computational interpretation of the characterisation of a lin-

ear function f given in proposition 13.1.7 can be given as follows. In order to produce an atomic piece of output e , f needs to build, or explore, or consume an atomic piece of input e. In contrast, if (x e ) is in the trace of a stable function f and if x is not a singleton, then f needs to look at x \more than once", specifically ]x times, before it can produce e . In this framework, events can be viewed as units of resource consumption (see remark 14.3.22 for a dierent avour of resource counting). 0

0

0

Proposition 13.1.9 The composition of two linear functions f and g is linear, and its trace is the relation composition of trace (f ) and trace (g ).

Proof. Let, say, f : D(E ) ! D(E ) and g : D(E ) ! D(E ). The rst part 0

0

00

of the statement is obvious using the characterisation of linearity by lub and meet preservation properties. We show trace (g f ) trace (g) trace (f ). Let (e e ) 2 trace (g f ). By linearity, there exists e such that (e e ) 2 trace (g), and e 2 f (feg) (that is, (e e ) 2 trace (f )). We now show trace (g) trace (f ) trace (g f ). Let (e e ) 2 trace (f ) and (e e ) 2 trace (g ). Since e f (feg) and e g(fe g), we have e g(f (feg)), that is, (e e ) 2 trace (g f ). 2 00

0

0

0

00

0

00

0

0

0

00

00

0

00

This characterisation of the composition of linear functions by trace composition holds in general for dI-domains. Exercise 13.1.10 Show the dI-domain version of proposition 13.1.9. Hint: traces then consist of pairs of prime elements.

Denition 13.1.11 The category Cohl is the category whose objects are coherence spaces, and whose morphisms are the linear functions:

CohlE E ] = D(E ) !lin D(E ): Proposition 13.1.12 The category Cohl is cartesian. The terminal object and the products are those of Coh. Proof hint. The projection functions are linear, and the pairing of two linear 0

functions is linear.

0

2

Denition 13.1.13 (exponential {coherence spaces) Let (E _ ^) be a co-

herence space. The exponential !E (pronounce \of course E ", or \bang E ") is the coherence space whose events are the nite states of E , and whose coherence is given by (x1 _ ^ x2 , x1 " x2).

Proposition 13.1.14 The operation ! extends to a functor ! : Coh ! Cohl which is left adjoint to the inclusion functor : Cohl ! Coh


340

Proof hint. The natural bijections from CohE E ] to Cohl!E E ] are obtained by replacing the pairs (x e ) by pairs (fxg e ) in the traces. 2 Remark 13.1.15 Here are some more abstract comments on the adjunction ! a. The nite states of D(!E ) canWbe seen as presentations of the states of E , via the lub operation associating X with X = fx1 : : : xng. There are two presentations of ?: , and f?g. It follows that D(!E ) contains a lifting of 0

0

0

0

D(E )2 (cf. denition 1.4.16). Keeping this in mind, it becomes clear how an arbitrary function from D(E ) to D(E ) becomes a strict function from D(!E ) to D(E ) (cf. proposition 1.4.18). The second equivalence of the statement of lemma 13.1.5 naturally suggests a further decomposition of E ( E as E } E , where the new constructors and } are de ned as follows. Denition 13.1.16 (linear negation { coherence spaces) Let (E _ ^) be a coherence space. The linear negation E (pronounce \E perp") of a coherence space (E _ ^) is dened as E = (E ^ _). Denition 13.1.17 (par { coherence spaces) Let E , E be coherence spaces. Their multiplicative disjunction E } E (pronounce \E par E ") is the coherence space whose events are pairs (e e ) where e 2 E and e 2 E , and whose incoher0

0

0

?

0

?

?

?

0

0

0

0

0

0

ence is given by

(e1 e1) ^ _ (e2 e2) , (e1 ^ _ e2 and e1 ^ _ e2): Other connectives can be de ned by De Morgan duality. The dual of is another disjunction , called additive. The dual of 1 is written 0. The dual of ! is written ? and called \why not". The dual of } is the tensor product, whose direct de nition, dictated by (E E ) = E } E , is as follows. Denition 13.1.18 (tensor { coherence spaces) The tensor product (or multiplicative conjunction) E E of two coherence spaces E and E is the coherence space whose events are pairs (e e ) where e 2 E and e 2 E , and whose coherence is given by (e1 e1) _ ^ (e2 e2) , (e1 _ ^ e2 and e1 _ ^ e2): 0

0

0

0

?

?

0

0?

0

0

0

0

0

0

0

0

0

Finally, there is a connective called tensor unit: I = (f?g id ): The dual of I is written ?. These connectives obey some categorical constructions, which ensure that they allow to interpret linear logic. Some of them were already discussed in this section (propositions 13.1.3 and 13.1.14). The rest will be completed in the next section. 2 Actually, this containment is strict. For example, !O is isomorphic to O O, which has four elements, while (O)? has three elements and is not a coherence space.

13.2. CATEGORICAL INTERPRETATION OF LINEAR LOGIC

341

13.2 Categorical Interpretation of Linear Logic The connectives introduced in section 13.1 fall into three groups, which Girard has named as follows: multiplicatives: I ? } and linear negation: additives: 1 0 : exponentials: ! ?: In gure 13.2, we present a sequent calculus for linear logic. A much better presentation of the proofs of linear logic is by means of certain graphs called proof nets, which forget some irrelevant details of syntax, and are the gate to a geometric understanding of logic and computation. This goes beyond the scope of this book. We simply refer to Gir87] and Dan90], and mention that sequential algorithms introduced in chapter 14 are in the same spirit. The sequents of gure 13.2 are of the form ` ;, where ; is a list of formulas, possibly with repetitions. In the rule (Exchange ), (;) means any permutation of the list ;. Here are brief comments on this proof system:

There are no weakening and contraction rules. Weakening allows to add assumptions to a sequent, contraction allows to identify repeated assumptions with a single assumption. They express the two aspects of non-linearity (cf. de nition 13.1.6): weakening allows non-strictness, while contraction allows repeated use of resources.

The rule () expresses a splitting of resources: ; for A, and for B . Multiplicative connectives correspond to a form of parallelism without communication. The corresponding categorical notion is that of monoidal category, introduced below.

The rule () expressed sharing of resources: ; is used both by A and B . The corresponding categorical construction is the product

The exponential rules regulate the explicit reusability of resources. Rule (Promotion ) says that a formula proved under reusable assumptions is itself reusable. Rule (Dereliction ) says that a resource that can be used once is a resource which can be used n times, for some n. Since n can in particular be 0, some information is lost when this rule is applied. Rules (Contraction ) and Rule (Weakening ) say that reusable data can be duplicated. We now sketch the categorical interpretation of the formlas and proofs of linear logic. We rst introduce a few categorical notions, building upon the structure of monoidal category ML71, Bar91b]. Denition 13.2.1 (monoidal) A monoidal category is a category C equipped with:


342

LOGICAL RULES (Axiom )

` A ;

(Cut )

` A A ; (Exchange ) ` `(;) ?

` A

` ;

?

MULTIPLICATIVES ()

(I ) ` I ` A ; ` B ` A B ;

(?) (})

`; ` ? ;

` A B ; ` A } B ;

ADDITIVES ()

(1)

` 1 ;

` A ; ` B ; ` A B ;

()

` A ; ` A B ;

` B ; ` A B ;

EXPONENTIALS

` A ?B1 : : : ?Bn `!A ?B1 : : : ?Bn (Contraction ) `?À?A?A; ;

(Promotion)

` A ; `?A ; (Weakening ) `?À; ;

(Dereliction )

Figure 13.1: Sequent calculus for linear logic


343

a functor : C C ! C, called tensor product,

a distinguished object I , called tensor unit, and

natural isomorphisms, also called canonical isomorphisms: : A (B C ) ! (A B ) C l : I A ! A r : A I ! A satisfying the following two so-called coherence equations:

( ; ) = ( id ) (id ) ( ; ) (r id ) = id l : Where do the two coherence equations of de nition 13.2.1 come from? As observed by Huet (unpublished), a good answer comes from rewriting theory (which came much after monoidal categories were de ned in 1963 by Mac Lane). Consider the domains and codomains of the canonical isomorphisms and of the equated arrows as the left and right hand sides of rewriting rules and rewriting sequences, respectively:

! ! ! ( ; ) A (B (C D)) ! ( ; ) A (B I ) ! () (l) (r )

A (B C ) I A AI

(A B ) C A A

((A B ) C ) D AB : Then the two coherence equations correspond to equating dierent reduction sequences: encodes

A (B (C D)) ! (A B ) (C D) ! ((A B ) C ) D while ( id ) (id ) encodes

A (B (C D)) ! A ((B C ) D) ! ((A B ) C ) D:

Similarly, the two sides of the second equation encode

A (I B ) ! (A I ) B ! A B A (I B ) ! A B : More precisey, these reductions correspond to the so-called critical pairs of the rewriting system on objects induced by l and r . We pursue this in exercise 13.2.2.


344

Exercise 13.2.2 (coherence { monoidal) 1. Find all the critical pairs of the rewriting system underlying l and r , and show that the corresponding equations between canonical isomorphisms are derivable from the two equations given in de nition 13.2.1. 2. Prove the so-called coherence theorem for monoidal categories: every two canonical arrows (that is, written by means of the canonical isomorphisms and their inverses only) with the same domain and codomain are equal. Hints: (1) There are three other critical pairs exploit the fact that l and r are isos. (2) Remove rst 1 l 1 and r 1 , and proceed as in the proof of Knuth-Bendix theorem (conuence of critical pairs implies local conuence) HO80]. ;

;

;

Denition 13.2.3 (symmetric monoidal) A symmetric monoidal category is a monoidal category together with an additional natural isomorphism : A B ! B A satisfying: ( ; ) = id ( ; ) = ( id ) (id ) : The coherence theorem case still holds in the symmetric monoidal case, but needs more care in its statement: clearly we do not want to identify : A A ! A A and id : A A ! A A. Category theorists exclude this by speaking, not of terms, but of natural transformations:

: ((A B ):AB ) ! ((A B ):B A) id : ((A B ):AB ) ! ((A B ):AB ): do not have the same codomain. A more elementary point of view is to restrict attention to linear terms for objects.

Exercise 13.2.4 (coherence { symmetric monoidal) * Show that, in a symmet-

ric monoidal category, any two canonical natural transformations between the same functors are equal. Hints: Use monoidal coherence, and the following presentation of the symmetric group by means of the transpositions i which permute two successive elements i and i + 1:

i i = id i j = j i (j ; i > 1) i i+1 i = i+1 i i+1:

Denition 13.2.5 (monoidal closed) A monoidal closed category is a monoidal category C such that for any object A the functor C:(C A) has a right adjoint, written B:(A ( B ). In other words, for every objects A B , there exists an object A ( B , called linear exponent, and natural bijections (for all C ): l : CC A B ] ! CC A ( B ]: We write ev l = l 1 (id ). ;


345

Notice that there are no accompanying additional coherence equations for monoidal categories. This comes from the dierence in nature between the constructions and (: the latter is given together with a universal construction (an adjunction), while the rst is just a functor with some associated isomorphisms. This dierence is often referred to as the dierence between \additional structure" () and \property" ((). The notion of dualising object, introduced next, is \additional structure". Denition 13.2.6 (?-autonomous) A symmetric monoidal closed category C is called ?-autonomous if it has a distinguished object ?, called dualising object, such that for any A the morphisms (called canonical) l(ev l ) : ClA (A ( ?) ( ?] have an inverse. If no ambiguity can arise, we write A for A ( ?, and A for (A ) . ?

?

??

?

Proposition 13.2.7 Let C be a ?-autonomous category. 1 : There exists a natural bijection between CA B ] and CB A ]: 2 : There exists a natural isomorphism (A ( B ) = AB : 3 : There exists a natural isomorphism I = ? : Proof hint. (1) By functoriality of (, with every f : A ! B we can associate (f ( ?) : B ! A . In the other direction, starting from g : B ! A , we arrive at (g ( ?) : A ! B , which up to natural isomorphism is in CA B ]. ?

?

?

?

?

?

?

?

??

?

??

(2) In one direction, by associativity, and using ev l twice, we get a morphism from (A B ) (A ( B ) to ?. In the other direction, we exploit the following chain of transformations: C(A ( B ) A B ] = C(A B ) (A ( B ) ] (by (1)) = C(A B ) A ( B ] (? is dualising) = CA ( B A ( B ] (C is closed) = CA ( B A ( B ] (? is dualising) : ?

?

?

?

?

?

?

??

??

(3) We proceed similarly, as suggested by id : I ? = ?!? = I I ! ? : ev l : I ?

?

2

Part (3) of proposition 13.2.7 shows in restrospective that the name ? for the dualising object is deserved: we can indeed understand it as the multiplicative false. Often, the linear negation comes rst in the semantics. The following approach is thus helpful.


346

Proposition 13.2.8 Suppose that C is a symmetric monoidal category, and that ( ) : Cop ! C is a functor (which we shall call the dualising functor) which is ?

given together with: 1 : A natural isomorphism A =A : 2 : A natural bijection CI (A B ) ] = CA B ]: Then C is monoidal closed, with ( dened by A ( B = (A B ) . Proof. We have: CA B ( C ] = CA (B C ) ] (by de nition) = CI (A (B C ) ) ] (by (2)) = CI (A (B C )) ] (by (1)) = CI ((A B ) C ) ] (by associativity) = CA B C ] (by (2)) : ?? ?

?

?

?

?

?

?

??

?

?

?

?

?

2

Remark 13.2.9 The above data are close to ensuring that C is ?-autonomous. Indeed, from A = A and A ( I = (A I ) = (A I ) =A we obtain A = (A ( I ) ( I . However, one would need to impose tedious ??

?

?

??

?

?

?

?

coherence axioms relating the natural isomorphisms and bijections of proposition 13.2.8, in order to ensure that this isomorphism is indeed the one obtained by twisting and currying the evaluation morphism. One such condition is that the composition of isomorphisms CA B ] = CI (A B ) ] = CI (B A) ] = CI (B A ) ] = CB A ] has to be the action of the functor on CA B ]. The last ingredient we need is the notion of comonad, which is dual to that of monad (cf. de nition B.8.1). Denition 13.2.10 (comonad) A comonad over a category C is a triple (T ) where T : C ! C is a functor, : T ! idC, : T ! T 2 are natural transformations, and the following equations hold: TA A = id TA TA A = id TA TA A = TA A : The following derived operation is useful. For all f : TA ! B , one constructs (f ) : TA ! TB as follows: (f ) =!f : We dene the co-Kleisli category cKT (often simply called Kleisli category) as follows. The objects of cKT are the objects of C, and for any A B : cKT A B ] = CTA B ]: ? ?

?

?

?

?

??

?

?

?


347

The identity morphisms are given by , and composition cK is dened by

g cK f = g (f ): As with monads, every adjunction induces a comonad. Proposition 13.2.11 Every adjunction (L R ), where F : C ! C and G : C ! C, induces a comonad (F G ) on C , where is the counit of the adjunction, and where = FG, i.e. B = F (GB ) (for all B ). The Kleisli 0

0

0

category associated with the comonad is equivalent to the full subcategory of C whose objects are in the image of R. We follow Bar91b, See89] in our de nition of a category allowing to interpret linear logic. Recently, it was pointed out by Bierman that Seely's de nition does not validate all the proof reductions rules one would wish for. He proposed a satisfactory de nition of a model of intuitionistic linear logic. We refer to Bie95] for details (see also remarks 13.2.18 and 13.2.22). Here we stick to Seely's style of de nition, which is more synthetic and is good enough for introductory purposes. Denition 13.2.12 (!?-autonomous category) A !?-autonomous category is a structure consisting of the following data: 1. A ?-autonomous category Cl which is at the same time cartesian. 2. A comonad (! ) over Cl, called the exponential, together with the preceding structure by two natural isomorphisms:

!(A B ) = (!A) (!B ) !1 = I:

Remark 13.2.13 If Cl is only symmetric monoidal closed (that is, if it is not

equipped with a dualising object), but has the rest of the structure of a !?-autonomous category, then we can interpret in it intuitionistic linear logic only.

Remark 13.2.14 It is often the case that the comonad ! = F G is dened via an adjunction F a G between two functors F : C ! Cl and G : Cl ! C. By proposition 13.2.11, if each object of C is isomorphic to some object in the image of G, then the Kleisli category associated with the comonad is equivalent to C. This is a fortiori the case when G is the (surjective) identity on objects, as in the stable model.

We next complete the work of section 13.1 and show that coherence spaces form a !?-autonomous category. Theorem 13.2.15 The category Cohl together with the comonad on Cohl induced by the adjunction ! a is a !?-autonomous category whose Kleisli category is equivalent to Coh.


348

Proof. For the symmetric monoidal structure, we just notice that at the level

of events the canonical isomorphisms are given by ((e e ) e ) $ (e (e e )) (e ?) $ e (? e) $ e: There is a natural bijection CohlI E ] = E , since (? e1) _ ^ (? e2) boils down to _ e1 ^ e2. Hence we have

CohlI (E E ) ] =

(E E )

= jE ( E j = CohlE E ] by proposition 13.1.7 : Then the closed structure follows from proposition 13.2.8. To see that Cohl is ?-autonomous, we set ? = I (= I ), and we observe the trace of l(ev l ) : A ! (A ( ?) ( ?, which is f(e ((e ?) ?)) j e 2 E g. It clearly has as inverse the function whose trace is f(((e ?) ?) )e j e 2 E g. That Coh is equivalent to the Kleisli category follows from remark 13.2.14. We are left to verify the two natural isomorphisms. The rst one holds by proposition 13.2.17. For the second one, notice that D(1) is a singleton. 2 0

00

0?

0

00

?

0?

?

0

0

?

We examine some consequences of our de nition of !?-autonomous category. Proposition 13.2.16 If Cl is a !?-autonomous category, then the associated coKleisli (Kleisli for short) category K(Cl ) is cartesian closed. Proof. As product on objects and as pairing of arrows we take the product on objects and the pairing of arrows of Cl . As projections we take and : We check one commutation diagram: ( ) cK hf f i = ( (hf f i)) = hf f i = f: Next we de ne A ! B = (!A) ( B . The natural bijections are obtained via the following chain, where we abbreviate K(Cl) as C: CA B C ] = Cl !(A B ) C ] = Cl (!A) (!B ) C ] = Cl !A (!B ) ( C ] = Cl !A B ! C ] = CA B ! C ] : 0

0

0

0

2

Conversely, the rst of the natural isomorphisms of de nition 13.2.12 is implied by the CCC structure of the Kleisli category. Proposition 13.2.17 Let Cl be a ?-autonomous category which is at the same time cartesian, and which is equipped with a comonad (! ) such that the associated Kleisli category is cartesian closed. Then there exists a natural isomorphism from (!A) (!B ) to !(A B ).


349

Proof. Note rst that the assumptions of the statement are slightly redundant

since we have already seen that the cartesian structure on the Kleisli category is implied. We still denote with C the Kleisli category. We derive the desired isomorphisms by exploiting the following chains of transformations: Cl !(A B ) !(A B )] = CA B !(A B )] = CA B !!(A B )] = Cl !A (!B ) (!(A B )] = Cl (!A) (!B ) !(A B )] : We obtain the desired arrow from (!A) (!B ) to !(A B ) by starting from id :!(A B ) !!(A B ). The arrow in the other direction is constructed similarly.

2

Remark 13.2.18 It would be more agreeable to have the other natural isomorphism !1 = I implied as well, but the categorical structure considered here is not rich enough to provide us with an arrow from I to !1. This anomaly is repaired in the setting of Bie95], where the existence of an isomorphism I =!I is postulated.

Another implied structure is that each object of the form !A is endowed with the structure of a comonoid: there are two arrows e : !A ! I d : !A ! (!A) (!A) satisfying the three (categorical versions of the) comonoid laws (see exercise 13.2.19). These arrows are constucted as follows: e = !(!) (the second ! is ! : A ! 1) d = !(hid idi) where = is to be read as \composition with the isomorphisms !1 = I and !(A A) = (!A) (!A)". Exercise 13.2.19 Let d and e be as just de ned. Show that the following equations are satis ed:

l (e " id ) d = id r (id " e) d = id (id " d) d = (d " id ) d d = d: This implicit comonoid structure may serve as a guide in constructing a !?autonomous category. Some authors have even insisted that ! should be a free comonoid construction. We content ourselves with the following exercise and the following remark.

Exercise 13.2.20 Show that, for any symmetric monoidal category C, the category Com(Cl) whose objects are comonoids (A d e) over C and whose morphisms are comonoid morphisms (i.e. morphisms of Cl which commute with d e in the obvious sense) is cartesian, and that the forgetful functor U : Com(C)l ! Cl maps products to tensor products.


350

Remark 13.2.21 Exercise 13.2.20 suggests a \recipe" for constructing a !?autonomous category out of a cartesian and ?-autonomous category Cl.

Focus on an appropriate (full) subcategory C of Com(Cl) which has the same products as Com(Cl ).

Construct an adjunction of the form U ` G between C and Cl), where U is the restriction of the forgetful functor to C. Then, setting ! = U G, the natural isomorphism !(A B ) = (!A) (!B ) comes for free:

G(A B ) (right adjoints preserve limits) = G(A) G(B ) U (G(A) G(B )) = (U (G(A)) (U (G(B )) cf. exercise 13.2.20 :

Interpretation of linear logic proofs. Finally, we sketch the interpretation of the sequents of linear logic in a !?-autonomous category Cl . A proof of a sequent ` A1 : : : An is interpreted by a morphism f : I ! (A1 } : : : } An) (confusing the formulas with their interpretations as objects of Cl). The rules

are interpreted as follows: (I ) ` I is interpreted by id : I ! I . (?) Obvious, since ? is the dual of I (cf. proposition 13.2.7). () If f : I ! (A } ;) and g : I ! (B } ), then by the isomorphisms A}; =;}A = ; ( A (and similarly B } = ( B ) and by uncurrying, we can consider f : ; ! A and g : ! B . Then we form f g : ; ! A B which by similar manipulations yields: ?

?

?

?

?

?

f g : I ! (A B ) } (; ) = (A B ) } (; } ): ?

?

?

(}) Obvious by associativity of }. (Axiom ) Since A } A = A ( A. we interpret ` A A by the currying of the identity considered as from I A to A. (Cut ) Similar to (): from f : I ! (A } ;) and g : I ! (A } ) we get ev l (f g) : ; ! ?, which we can read as a morphism from I to (; } ) } ? = ; } . (Exchange ) By associativity and commutativity. (1) Interpreting ` 1 } ; amounts to give an arrow from ; to 1. Since 1 is terminal, we take the unique such arrow. () The pairing of f : I ! (A } ;) and g : I ! (B } ;) yields hf gi : ; ! (A B ). ?

?

?

?

?

?

?

13.3. HYPERCOHERENCES AND STRONG STABILITY

351

() Given f : I ! (A } ;), we build f : A B ! ;, which we can consider as a morphism from I to (A B ) } ;. (Dereliction ) Given f : I ! (A } ;), we build f : !(A ) ! ;, where is the rst natural transformation of the comonad. (Weakening ) Let f : I ! ;. Then we can consider that f d =!(A ) ! ; (where d comes from the comonoid structure induced on !A) is a proof of `?A ;. (Contraction ) This case is similar to the case (Weakening ), replacing d by e. (Promotion ) Let f : I ! (A }?B1 } : : : }?Bn ), which we can consider as an arrow from !(B1 : : : Bn ) to A. Here we have made an essential use of the natural isomorphisms required in the de nition of !?-autonomous category. Then we can consider (f ) : !(B1 : : : Bn ) !!A as a proof of `!A ?B1 : : : ?Bn. ?

?

?

?

?

?

?

?

Remark 13.2.22 The interpretation given above for the rule (Promotion ) has

the drawback of appealing explicitly to products. This is a bit odd since linear logic without additive connectives, but with exponentials, is interesting enough. In the setting of Bie95], the existence of isomorphisms !(A B ) = (!A) (!B ) is postulated. Then (Promotion ) is interpreted as follows. Let f : I ! (A }?B1 } : : : }?Bn ), which we can consider as an arrow from !(B1 ) : : : !(Bn ) to A. Consider ?

?

: : : : !(B1 ) : : : !(Bn ) ! !!(B1 ) : : : !!(Bn ) =!(!(B1 ) : : : !(Bn )): ?

?

?

?

?

?

Then !f ( : : : ) can be considered as an arrow from !(B1 ) : : : !(Bn ) to !A, hence is a valid interpretation for `!A ?B1 : : : ?Bn. ?

?

Remark 13.2.23 In some models, like the sequential model presented in chapter 14, the terminal object is the unit. Then we can dene projections l : A B ! A and l : A B ! B as follows. One goes, say, from A B to A 1 (using that 0

1 is terminal) and then to A by a coherent isomorphism. A consequence is that the usual weakening rule: `; ` A ; is valid. Indeed, given f : I ! ;, we build f l : I A ! ;. Intuitionistic linear logic plus weakening is called ane logic and can be interpreted in any symmetrical monoidal closed category which has a ! and where the terminal object is the unit. ?

13.3 Hypercoherences and Strong Stability In this section, we investigate Ehrhard's hypercoherences. They have arisen from an algebraic characterisation of sequential functions (see theorem 13.3.16).

352


Denition 13.3.1 (hypercoherence) A hypercoherence is a pair (E ;), where ? (E ), called atomic E is a set, called the web of E , and where ; is a subset of Pfin coherence (or simply coherence), such that for any a 2 E , fag 2 ;. We write ;? = fu 2 ; j ]u > 1g, and call ;? the strict atomic coherence. If needed from the context, we write E = j(E ;)j (or simply E = jE j) and ; = ;(E ). A hypercoherence is called hereditary if

8 u 2 ; v (v u ) v 2 ;): A state of a hypercoherence (E ;) is a set x E such that 8 u ?n x u 2 ; where u ?n x means that u is a nite and non-empty subset of x. We call D(E ) the set of states of E , ordered by inclusion.

Proposition 13.3.2 Let (E ;) be a hypercoherence. The poset D(E ), ordered by inclusion, is a qualitative domain (cf. denition 12.3.11), whose compact elements are the nite states.

Proof. We observe that singletons are states, and that the de nition of state enforces that (u 2 K(D(E )) and v u) imply v 2 K(D(E )). 2 Remark 13.3.3 Since any qualitative domain can be obviously viewed as a hered-

itary hypercoherence, we can say in view of proposition 13.3.2 that qualitative domains and hereditary hypercoherences are the same (see proposition 13.3.23). But of course there are more hypercoherences than those arising naturally from qualitative domains (see denition 13.3.14).

The atomic coherence gives also rise to a collection of distinguished subsets of states, enjoying some interesting closure properties. They will allow us to get a more abstract view of the morphisms of the hypercoherence model, in the same way as linear or stable functions are more abstract than their representing traces. We need a technical de nition.

Denition 13.3.4 (multisection) Let E be a set, and let u E and A P (E ). We write u / A, and say that u is a multisection of A, i (8 e 2 u 9 x 2 A e 2 x) and (8 x 2 A 9 e 2 u e 2 x): Remark 13.3.5 If both u and A are nite, u / A holds exactly when we can nd a list of pairs (e1 x1) : : : (en xn) such that ei 2 xi for all i and u = fei j 1 i ng A = fxi j 1 i ng:


353

Denition 13.3.6 (state coherence) Let (E ;) be a hypercoherence. We de? (D(E )), called the state coherence of (E ;), as follows: ne a set C (E ) Pfin C (E ) = fA ?n D(E ) j 8 u ?n E u / A ) u 2 ;g: We recall the convex ordering from theorem 9.1.6. Given a partial order D and two subsets B A of D, we write B c A for (8 y 2 B 9 x 2 A y x) and (8 x 2 A 9 y 2 B y x): (Notice that this obeys the same pattern as the de nition of /.) Lemma 13.3.7 Let (E ;) be a hypercoherence. The state coherence C (E ) satises the following properties: 1 : If x 2 D(E ) then fxg 2 C (E ): 2 : If A 2 C (E ) and B c A then B 2 C (E ): 3 : If A ?n D(E ) has an upper bound in D(E ) then A 2 C (E ): 4 : If A ?n D(E ) and 2 A then A 2 C (E ): Proof. (1) If u / fxg, then a half of the de nition of / says u x, and u 2 ; then follows by de nition of a state. (2) Let A 2 C (E ), B c A, and u / B . It follows from the de nitions of c and / that u / A, and from A 2 C (E ) that u 2 ;. (3) This follows from (1) and (2), since we can express that A has an upper bound z as A c fzg. (4) If 2 A, then we cannot nd a u such that u / A, and the condition characterising A 2 C (E ) holds vacuously. 2 Denition 13.3.8 (strongly stable) Let (E ;) and (E ; ) be hypercoherences. A continuous function f : D(E ) ! D(E ) is called strongly stable from (E ;) to (E ; ) if ^ ^ 8 A 2 C (E ) (f (A) 2 C (E ) and f ( A) = f (A)): We call HCoh the category of hypercoherences and strongly stable functions. Strongly stable functions are to form (up to equivalence) the Kleisli category of our model. We turn to the de nition of the linear category. 0

0

0

0

0

0

Denition 13.3.9 (linear exponent { hypercoherences) Let (E ;), (E ; ) be two hypercoherences. The linear exponent E ( E is the hypercoherence whose events are the pairs (e e ) where e 2 E and e 2 E , and whose atomic coherence 0

0

0

0

0

consists of the nite non-empty w's such that

(w) 2 ; ) ( (w) 2 ; and (] (w) = 1 ) ](w) = 1)): 0

0

0

0


354

Denition 13.3.10 The category HCohl is the category whose objects are hypercoherences, and whose morphisms are given by

HCohlE E ] = D(E ( E ) 0

0

for all E E , with identity relations and relation composition as identities and composition. 0

Proposition 13.3.11 The data of denition 13.3.10 indeed dene a category. Proof. The only non-obvious property to check is that the relation composition of two states is a state. Suppose thus that (E ;), (E ; ), and (E ; ) are given, as well as 2 D(E ( E ) and 2 D(E ( E ) . We rst claim that if (e e ) 2 , then there exists a unique e 2 E such that (e e ) 2 and (e e ) 2 . Let w be a nite non-empty subset of W = fe j (e e ) 2 and (e e ) 2 g (e e xed). Considering f(e e ) j e 2 w g, we obtain that w 2 ; since feg 2 ;. Then, considering f(e e ) j e 2 w g, we get ]w = 1 since ]fe g = 1. Therefore W is also a singleton. Let now w be a nite non-empty subset of such that (w) 2 ;. Consider u = f(e e ) 2 j 9 e (e e ) 2 and (e e ) 2 wg v = f(e e ) 2 j 9 e (e e ) 2 and (e e ) 2 wg : 0

0

0

0

0

0

0

00

0

0

00

00

0

0

0

00

0

0

00

0

00

0

0

0

0

0

0

0

0

00

0

00

0

0

00

0

0

0

0

00

00

0

00

0

0

00

0

00

The claim implies that u and v are nite. We have (u) = (w) by de nition of u and of . It follows that (u) 2 ; since we have assumed (w) 2 ;. But (u) = (v), hence (w) = (v) 2 ; . If furthermore ] (w) = 1, then ](v) = 1 = ] (u), and ](u) = 1 = ](w). 2 Proposition 13.3.12 The category HCohl is cartesian. If (E ;) and (E ; ) are hypercoherences, their product E E is dened as follows:

Events are either e:1 where e 2 E or e :2 where e 2 E .

The atomic coherence consists of the (nite non-empty) subsets w such that 0

0

0

0

0

0

00

0

0

0

0

0

0

0

0

(wdE = ) wdE 2 ; ) and (wdE = ) wdE 2 ;) 0

0

0

where, say, wdE = fe j e:1 2 wg. We have

= D(E ) D(E ) D(E E ) A 2 C (E E ) , (AdE 2 C (E ) and AdE 2 C (E )) 0

0

0

0

0

where, say, AdE = fudE j u 2 Ag. The terminal object is the empty hypercoherence.


355

Proof. The projection morphisms and pairing are given by = f(e:1 e) j e 2 E g = f(e :2 e ) j e 2 E g h i = f(e e:1) j (e e) 2 g f(e e :2) j (e e ) 2 g : The only point which requires care is the veri cation that h i is a morphism. Let w ?n h i be such that (w) 2 ;. Notice that, in order to tell something about (w)dE , we are led to consider wE = f(e e) j (e e:1) 2 wg. If (wE ) is a 0

0

0

0

0

00

0

00

00

0

00

0

0

0

0

0

00

00

strict subset of (w), we don't know whether (wE ) is in the atomic coherence of E , unless (E ;) is hereditary (see remark 13.3.13). These considerations should help to motivate the de nition of ;(E E ). Indeed, all we have to check is that if (w)dE = then (w)dE 2 ; (the other implication being proved similarly). The assumption (w)dE = implies w = wE , (wE ) 2 ; , and (w)dE = (wE ) 2 ;. If moreover ] (w) = 1, then, say, (w) = fe:1g, hence (wE ) = feg, which entails ](wE ) = 1, and ](w) = 1 since (w) = fe:1g a fortiori implies (w)dE = . We show that x:(xdE xdE ) de nes a bijection (actually an order isomorphism) from D(E E ) to D(E ) D(E ). All what we have to do is to show that this mapping and its inverse have indeed D(E ) D(E ) and D(E E ) as codomains, respectively. This follows easily from the following observation (and from the similar observation relative to E ): 8 u ?n xdE (u 2 ; , fe:1 j e 2 ug 2 ;(E E )): The same observation serves to prove the characterisation of C (E E ), since in order to check that A 2 C (E E ), we need only to consider u's such that either udE = or udE = . 2 Remark 13.3.13 The cartesian product of two hereditary hypercoherences is not hereditary in general. Indeed, given any nite u E and u E , where, say, u 62 ;(E ), we have fe:1 j e 2 ug fe :2 j e 2 u g 2 ;(E E ) as soon as both u and u are non-empty, but fe:1 j e 2 ug 62 ;(E E ). (See also proposition 13.3.15.) The full subcategory of hereditary hypercoherences, being equivalent to that of qualitative domains, has a product, though, which is given by the same set of events, but a dierent atomic coherence, consisting of the w's such that wdE 2 ; and wdE 2 ; : The product structure gives rise to an interesting class of hypercoherences, which are the key to the link between sequentiality and strong stability, and which are therefore at the root of the theory of hypercoherences and strong stability. Coherence spaces (E _ ^) are special qualitative domains, and can therefore be seen as hereditary hypercoherences. But they can also be endowed with another hypercoherence structure, which we de ne next. 0

0

0

0

0

00

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

356


Denition 13.3.14 1. Let (E _ ^) be a coherence space. It induces a hypercoherence (E ;L ), called linear hypercoherence, where

;?L = fu ?n E j 9 e1 e2 2 E (e1 6= e2 and e1 _ ^ e2)g:

2. Let X be a set. The hypercoherence X = (X ffxg j x 2 X g) is called the at hypercoherence associated to X . Clearly, D(X ) = X , whence the name and the notation. ?

?

?

Proposition 13.3.15 Let E1 : : : En be at hypercoherences. Let E be the product of E1 : : : En in the category of coherence spaces. Then (E ;L ) is the product of E1 : : : En in HCohl. Proof. Without loss of generality, we consider a product of three at hyperco-

herences E1, E2, and E3. By de nition, the product hypercoherence consists of those w's such that (1(w) 6= or 2(w) 6= or ]3(w) = 1) and (1(w) 6= or 3(w) 6= or ]2(w) = 1) and (2(w) 6= or 3(w) 6= or ]1(w) = 1) : Under the assumption ]w > 1,we have, say: (1(w) 6= or 2(w) 6= or ]3(w) = 1) ) (1(w) 6= or 2(w) 6= ) hence the strict coherence of the product consists of the w's such that (1(w) 6= or 2(w) 6= ) and (1(w) 6= or 3(w) 6= ) and (2(w) 6= or 3(w) 6= ) or (generalising from 3 to n) 9 i j n i 6= j and (i(w) 6= and j (w) 6= ) which by proposition 13.1.3 and by de nition is the linear coherence on E .

2

We have now all the ingredients to show where strong stability comes from. Theorem 13.3.16 Suppose that E1 : : : En E are at hypercoherences. A function f : D(E1 ) : : : D(En ) ! D(E ) is sequential i it is strongly stable from (E1 : : : En ;L ) to E . Proof. By proposition 13.3.15, (E1 : : : En ;L) is the product E1 : : : En in HCohl. Hence, by proposition 13.3.12: A 2 CL(E ) , 8 i 2 f1 : : : ng i(A) 2 C (Ei)


357

where CL(E ) is the state coherence associated with ;L. If A = fx1 : : : xkg and xj = (x1j : : : xnj ) for all j k, then we can rephrase this as

fx1 : : : xk g 2 CL (E ) , 8 i 2 f1 : : : ng (9 j k xij = ?) or (xi1 = : : : = xik 6= ?): On the other hand, by theorem 6.5.4, f is sequential i it is invariant under the relations Sk+1 de ned by (x1 : : : xk+1) 2 Sk+1 , (9 j k xj = ?) or (x1 = : : : = xk+1 6= ?): The conclusion then follows from the following easy observations: : xi(k+1)) 2 Sk+1V may be rephrased as (xi1 : : : xik ) 2 C (D) and V (xi1x : : xi(k+1), hence 1 j k xj xk+1 and 1 j k ij

(x1 : : : xk+1) 2 Skn+1 , (x1 : : : xk ) 2 C ((D1 : : : Dn )L):

f (V A) = V f (A) can be rephrased as 8 x x V A ) f (x) V f (A). 2 Lemma 13.3.17 In E ( E = E , the following equivalences hold (and thus 0

00

may alternatively serve as denition of atomic coherence):

(1) w 2 ; , ((w) 2 ; ) (w) 2 ; ) and ((w) 2 ;? ) (w) 2 ; ?) (2) w 2 ; ? , (w) 62 ; or (w) 2 ; ? : 00

0

00

0

0

0

0

0

Proof. The equivalence (1) is just a rephrasing of the equivalence given in de nition 13.3.9. By Boolean manipulations, we get successively: right hand side of (1)

,

(

((w) 62 ; and ((w) 62 ;? or (w) 2 ; ?)) or ( (w) 2 ; and ((w) 62 ;?) or (w) 2 ; ?)) 0

0

0

0

0

0

, (w) 62 ; or (w) 2 ; ? or ( (w) 2 ; and (w) 62 ;?) : 0

0

0

0

Now we suppose that ]w > 1. Then either ](w) > 1 or ] (w) > 1. If ] (w) > 1, then (w) 2 ; is the same as (w) 2 ; ?. Similarly, if ] (w) > 1, then (w) 62 ;? is the same as (w) 62 ;, Hence, under the assumption ]w > 1: 0

0

0

0

0

0

0

( (w) 2 ; and (w) 62 ;?) ) ((w) 62 ; or (w) 2 ; ?) 0

0

0

0

and the right hand side of (1) boils down to the right hand side of (2), which completes the proof. 2 As in the stable case, the equivalence (2) of lemma 13.3.17 directly suggests a de nition of tensor product and of linear negation.


358

Denition 13.3.18 (tensor { hypercoherences) Let (E ;) and (E ; ) be hypercoherences. Their tensor product E E is the hypercoherence whose web is E E , and whose atomic coherence consists of the non-empty nite w's such that (w) 2 ; and (w) 2 ;. Denition 13.3.19 (linear negation { hypercoherences) Let (E ;) be a hy0

0

0

0

0

percoherence. The linear negation E of E is the hypercoherence whose web is ? (E )n;? . Or, alternatively, u 2 ;? (E ) i E , and whose atomic coherence is Pfin u 62 ;(E ). ?

?

Proposition 13.3.20 The category HCohl is ?-autonomous. Its unit is the unique hypercoherence whose web is the singleton f?g. Proof. The proof is

a straightforward adaptation of the proof of theorem

13.2.15. We even have (E E ) = HCohlE E ]. 2 Denition 13.3.21 (exponential { hypercoherences) Let (E ;) be a hyper0?

?

0

coherence. The exponential !E is the hypercoherence whose events are the nite states of E and whose atomic coherence consists of the the A's such that

8 u ?n E (u / A ) u 2 ;): Proposition 13.3.22 The operation ! extends to a functor ! : HCoh ! HCohl which is left adjoint to the inclusion functor : HCohl ! HCoh dened as follows: (E ;) = (E ;) ( ) = fun ( ) where

fun ( )(x) = fe j 9 e (e e ) 2 and e 2 xg: 0

0

Proof. We exhibit inverse bijections between D(!E ( E ) and HCohE E ]. 0

0

Given a strongly stable function f , we de ne

trace (f ) = f(x e ) j e 2 f (x) and (8 y < x e 62 f (x))g: 0

0

0

Conversely, given 2 D(!E ( E ), we de ne 0

fun ( )(x) = fe j 9 y (y e ) 2 and y xg: 0

0

This de nition of fun extends that given in the statement, up to the identi cation of events e with singletons feg. Therefore, the subsequent proof also establishes that is well-de ned. That trace and fun are inverses is proved exactly as in theorem 12.3.6. We prove that trace and fun are well-de ned:

trace (f ) is a state: Let w0 ?n trace (f ), and suppose that (w0) 2 ;(!E ) = C (E ). By de nition of trace , (w0) / f ((w0)). Hence (w0) 2 ; . Suppose 0

0

0

13.3. HYPERCOHERENCES AND STRONG STABILITY 359 V f ((w )) = f (V (w )). Let z moreover that ( w 0 ) = fe g. Then e 2 0 0 V (w ) be such that (z e ) 2 trace (f ). Then, by minimality, z is equal to each 0 of the elements of (w0).

fun ( ) is strongly stable: First of all, we have to check that f (x) 2 D(E ), for any ( nite) x 2 D(E ). Let v1 ?n f (x). Let w1 = f(z e ) 2 j z x and e 2 v1g. By de nition, w1 is nite and non-empty. Hence w1 2 ;(E ( E ). We have (w1) 2 ;(!E ) since (w1) is bounded. Hence v1 = (w1) 2 ; . Next we prove that fun ( ) is strongly stable. Let A 2 C (E ), and let v2 / fun (A). Let w2 = f(z e ) 2 j (z x for some x 2 A and e 2 v2)g and let x 2 A. Since v2 / fun (A), there exists e 2 v2 such that e 2 fun (x). Hence there exists z 2 (w2) such that z x, by de nition of fun and w2. It follows that (w2) c A. Hence (w2) 2 C (E ) by lemma 13.3.7. This entails v2 = (Vw2) 2 ; . V fun Hence fun ( A ) 2 C ( E ). We show moreover that ( )(A) fun ( )( A). Let V e 2 fun ( )(A), i.e. fe g / fun ( )(A). Then, instantiating above v2 as v2 = fe g (and the corresponding w2), we have ](w2) = 1, since ] (w2) = ]fe g = 1.V Let (w2) = fxg. Then x A by de nition of w2, hence e 2 fun (x) fun ( )( A). 2 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

Proposition 13.3.23 1. The category HCohl is equivalent to the category of hy-

percoherences and linear and strongly stable functions. Notice that this is slightly redundant, since the preservation of bounded glb's, which is part of our denition of linear function (cf. denition 13.1.6) is a consequence of strong stability. 2. The full subcategory of HCohl whose objects are the hereditary hypercoherences is equivalent to the category of qualitative domains and linear functions. Proof. (1) This is proved as in the stable case (cf. proposition 13.1.7). (2) We have already observed (remark 13.3.3) that at the level of objects qualitative domains are the same as hereditary hypercoherences. We claim that if (E ;) is hereditary, then A 2 C (E ) , ( 2 A) or (A is bounded): The direction ( holds in any hypercoherence, by lemma 13.3.7. Suppose conS versely that A 2 C (E ),S 62 A, and A is not bounded , i.e. A is not a state. Then there exists u A which is not in the atomic coherence ;. Let v be such that u v and v / A (such a v exists, since 62 A). We reach a contradiction as follows: v 2 ; by de nition of the state coherence u 2 ; by hereditarity : Suppose that (E ;) and (E ; ) are hereditary hypercoherences. We show that f : D(E ) ! D(E ) is linear and strongly stable i it is linear. We only have to check that \linear implies strongly stable". If f is linear and A 2 C (E ), there are two cases, by the claim: 0

0

0


360

2 A: Then, by linearity, 2 f (A) (hence f (A) 2 C (E )), and f (V A) = f () = = V f (A).

A is bounded: Then f (A) is bounded, and f (V A) = V f (A) by stability. 0

2

Proposition 13.3.24 The category HCohl, together with the comonad induced by the adjunction of proposition 13.3.22, is a !?-autonomous category.

Proof. We are left to check the natural isomorphisms. The isomorphism !1 =I is immediate as with coherence spaces. We check !(E E ) = (!E ) (!E ) (notice that we did not prove that HCoh is cartesian closed: this will rather follow as a 0

0

corollary, cf. proposition 13.2.16). We have j!(E E )j = K(D(E E )) = K(D(E ) D(E )) = K(D(E )) K(D(E )) = j!E j j!E j = j(!E ) (!E )j and A 2 ;(!(E E )) , A 2 C (E E ) , (AdE 2 C (E ) and AdE 2 C (E ) (by proposition 13.3.12) , (AdE AdE ) 2 ;((!E ) (!E )) : 0

0

0

0

0

0

0

0

0

0

0

0

2

13.4 Bistructures * Berry Ber79] combined the stable approach and the continuous approach by de ning bidomains, which maintain extensionality and stability together, and thus oer an order-extensional account of stability (cf. sections 6.3 and 6.4). His work was then revisited by Winskel, resulting in a theory of stable event structures Win80]. The account oered here, based on CPW96] is informed by linear logic (which was not available at the time of Ber79, Win80]. We introduce a !?-autonomous category of event bistructures, where the de nition of composition is proved correct by means of an interaction between two order relations over events. We build up on coherence spaces (cf. section 13.1). Let E and E be two coherence spaces. Recall that the structure E ! E has as events the pairs (x e ) of a nite state of E and an event of E , that these events, when put together to form a higher-order state , describe the minimal points of the function represented by , and that the inclusion of states naturally corresponds to the stable ordering. In E ! E , there arises a natural order between events, which is inspired by contravariance: (x1 e1) L (x e ) , (x x1 and e1 = e ): 0

0

0

0

0

0

0

0

0

13.4. BISTRUCTURES *

361

The superscript L will be explained later. The order L allows us to describe the pointwise order between stable functions, at the level of traces. Denition 13.4.1 Let E and E be two coherence spaces. We de ne a partial order v on D(E ! E ) by v , 8 (x e ) 2 9 x x (x e ) 2 , or, equivalently: 0

0

0

v , 8e

00

0

2 9e

00

1

(e

00

0

L e

00

1

0

and e1 2 ): 00

Proposition 13.4.2 Let E and E be coherence spaces, and f g : D(E ) !st D(E ). 0

0

Then the following equivalence holds: f ext g , trace (f ) v trace (g ).

We shall see (lemma 13.4.12) that v can be factored as vL , where is the part of used in the check of v (notice that, given (x e ) the x is unique). Next we want to force stable functionals to be order extensional, that is, we want to retain only the functionals H such that 8 ( v ) H () H ( )) (where we freely confuse functions with their traces), which, by the de nition of vL , can be rephrased as 8 ( vL ) H () H ()): Therefore we ask for 0

0

8 e 2 H 8 e (e R e ) 9 e 2 H e L e ) where the order R is de ned by ( e ) R ( e ) , ( vL and e = e ): Denition 13.4.3 (bistructure) A bistructure (E ^ _ L R) (or E^ for short) is given by a set E of events, by a reexive and symmetric binary relation _ on E , called coherence relation, and by partial orders L and R , satisfying the following axioms. (B1) 8 e e 2 E (e #L e ) e ^ _e ) where e #L e means 9 e 2 E (e L e and e L e ), and where e ^ _ e means :(e _ e ) or e = e (cf. section 13.1). ^ (B2) 8 e e 2 E (e "R e ) e _ ê ) where " is upward compatibility with respect to R . (B3) 8 e e 2 E (e e ) (9 e 2 E e L e R e )) where = (L R )? . (B4) The relation #= (L R )? is a partial order. (B5) 8 e 2 E fe 2 E j e # eg is nite. 000

000

1

0

1

1

2

1

1

2

000

1

1

000

2

0

1

1

2

1

1

2

1

2

0

2

1

1

000

1

1

2

2

0

000

0

1

1

000

2

1

2

2

2

2

1

2

1

2

0

Remark 13.4.4 In the presence of axiom (B5), which is the bistructure version of axiom I, axiom (B4) is equivalent to requiring the non-existence of in nite sequences fengn
0

0


362

The axioms of bistructures are strong enough to imply the uniqueness of the decomposition of = (L R )? , and that is a partial order.

Lemma 13.4.5 Let E be a bistructure. For all e1 e2 2 E , the following properties hold:

(e1 #L e2 and e1 "R e2 )

) e =e L R ) 9 !e (e e e ) :

e1 e 2

1

2

1

2

Proof. (1) If e1 #L e2 and e1 "R e2, then e1 ^ _ e2 and e1 _ ^ e2, which implies e1 = e2 ^ by de nition of _. (2) Suppose that e1 L e R e2 and e1 L e R e2 . Then e1 #L e2 and e1 "R e2 , therefore e1 = e2 by (1). 2 0

Lemma 13.4.6 The relation = (L R)? of de nition 13.4.3 is a partial order.

Proof. We only have to prove that is antisymmetric. Suppose e e e, and let be such that e L R e and e L R e. We factor e : for some , e L R . Since e L R e, we get = e by lemma 13.4.5 = e by the antisymmetry of R : 0

0

0

00

0

0

00

00

00

We then have e L = e L R e , and 0

0

0

= e by lemma 13.4.5 e = e by the antisymmetry of 0

0

0

L

:

2

We next de ne states of bistructures.

Denition 13.4.7 Let E = (E ^ _ L R) be a bistructure. A state of E is a subset

x of E satisfying: 8 e1 e2 2 x (e1R _ e2 ) (consistency) 8 e 2 x 8 e1 ê 9 e2 (e1 L e2 and e2 2 x) (extensionality) :

We write (D(E ) v vR) for the collection of states of E , equipped with two orders vR and v, which are called the stable order and the extensional order, respectively, and which are de ned as follows:

vR is the set-theoretic inclusionL x v y , 8 e 2 x 9 e 2 y (e e ) : 1

1

Observe that axiom (B1) enforces the uniqueness of e2 in the extensionality condition of states, and of e1 in the de nition of v. We also de ne a third relation vL between states by

x vL y , x v y and (8 y1 2 D(E ) (x v y1 and y1 vR y ) ) y1 = y ):


363

We shall next examine some properties of the three relations vR , v, and vL .

Lemma 13.4.8 Let E be a bistructure, and let x 2 D(E ). If e is in the downward closure of x, then it is in the L downward closure of x. Proof. Let e1 2 x be such that e e1: 9 e2 e L e2 LR e1 (by factorisation) 9 e3 2 x e2 e3 (by extensionality) : Then e L e3 ts.

Lemma 13.4.9 Let vR and v be as in de nition 13.4.7. Then, for all states x y:

2

(x v y and y vR x) ) x = y:

Proof. Let e 2 x, and let e1 2 y be such that e L e1. Then, since a fortiori e1 2 x and e #L e1, we conclude that e = e1 2 y . 2 Denition 13.4.10 Let E be a bistructure, and let x 2 D(E ). We write #x for the reexive and transitive closure of the following relation #1x between events of x: e1 #1x e2 , (e1 e2 2 x and 9 e e1 L e R e2) : The following is a key lemma.

Lemma 13.4.11 Let E be a bistructure, let x y 2 D(E ) and e2 2 E such that x "R y and e2 2 x \ y . Then the following implication holds, for any e e1 2 y ):

e1 #x e2 ) e1 #y e2 :

2 x (in particular,

Proof. It is clearly enough to show this for the one step relation #1x. Let thus e be such that e1 L e R e2 By extensionality of y , and since e2 2 y , there exists e1 2 y such that e L e1. But (B1) and the consistency of y force e1 = e1 , hence e1 = e1 #y e2 . 2 Lemma 13.4.12 Let vR v, and vL be as in de nition 13.4.7. The following proper0

0

0

0

ties hold. 1. v is (vL vR )? , and satis es (B3). 2. For all states x y : x vL y ) (8 e 2 y 9 e0 2 x e1 2 y e #y e1 L e0 ). 3. vL is a partial order.

Proof. (1) Let x v y. The subset fe1 2 y j 9 e0 2 x e0 L e1g represents the part of y actually used to check x v y. But we have to close this subset to make it extensional. De ne thus

y1 = fe 2 y j 9 e0 2 x e1 2 y e #y e1 L e0 g: which is clearly consistent, as a subset of y . If e 2 y1 and e1 R e, since y is extensional, there exists e2 2 y such that e1 L e2 , and e2 2 y1 by construction. Thus y1 is a state.


364

We show x vL y1 . Suppose that x v y1 vR y1 , and let e 2 y1 . Let by construction e0 2 x and e1 2 y be such that e #y e1 L e0 . Since x v y1, e0 L e1 for some e1 2 y1 . On one hand we have e1 #L e1 by construction, on the other hand e1 _ ^ e1 follows from e1 2 y1 , e1 2 y1 , and y1 vR y1 . Hence e1 = e1 , which implies e 2 y1 by lemma 13.4.11. Hence y1 vR y1 , which completes the proof of x vL y1 . The decomposition x vL y1 vR y shows that v is contained in (vL vR )?. The converse inclusion is obvious. (2) follows obviously from the proof of (1). (3) The re!exivity and the antisymmetry follow from (vL ) (v). Let x vL y vL y , and let e 2 y . By (2), there exist e0 = e 2 y and e0 2 x such that e #y e and e #x e0 , or in full: 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

e = e0 L e1 R e2 L e2i+1 = e e2j+1 2 y for all 0 j i e0 L e1 R e2 L e2i +1 = e e2j+1 2 y for all 0 j i : 0

0

0

0

0

0

0

0

0

0

vLy and e 2 y , there exists e such that e L e and e 2 y . Since L e e , there exists e such that e e R e . Since y is extensional, there exists e 2 y such that e L e . In order to continue this lifting of the ei 's relative to y to a sequence of ei 's relative to y , we have to make sure that e L e : e L e 2 y for some e 2 y since y v y e =e since e L e e L e and e e 2 y : Since y 0

2 0

0

0

Re

0

00

1

1

00

3

3

000

3

00

2

2

0

1

00

00

00

0

0

1

0

00

1

00

00

2

00

1

00

1

1

1

0

3

0

00

3

000

000

3

0

3

00

3

0

3

00

2

3

0

2

000

00

3

3

000

3

Continuing in this way, we get

e = e0 L e1 R e2 L e2i +1 = e = e0 L e1 R e2 L e2i+1 = e 00

0

00

00

00

0

0

with e2j +1 2 y for all 0 j i and e2j +1 2 y for all 0 j i , which completes the proof of x vL y . 2 00

0

We explore some of the niteness and completeness properties of these two orders.

Lemma 13.4.13 Let E be a bistructure, let e 2 x 2 D(E ). Then there exists a nite state e]x such that e 2 e]x vR x and (8 y 2 D(E ) (e 2 y vR x) ) (e]x vR y )).

Proof. Similar to that of lemma 13.4.12. We just exhibit the de nition of e]x: e]x = fe

0

2 x j e #x eg: 0

The niteness of e]x follows from axiom (B5).

Proposition 13.4.14 Let E be a bistructure. The following properties hold. 1 : All v and vR directed lub's exist in (D(E ) v vR): 2 : The v and vR lub's of a vR directed set coincide: 3 : A state is v compact i it is vR compact i it is nite:

2


365

Proof. (1) Let be v directed. We show: z = fe 2 j e is L maximal in g is the v lub of : We rst check that z is a state. If e1 e2 2 z , then e1 2 1 , e2 2 2 for some 1 2 2 . Let 2 be such that 1 2 v . Then by de nition of z and v, it follows that e1 e2 2 . Therefore e1 _ ^ e2 . If e 2 z and e1 R e, letL 2 be such that e 2 . By extensionality of , there exists e2 2 such that e1 e2 . By de nition of z and by (B4) and (B5) (cf. remark 13.4.4), we can nd e3 2 z such that e2 L e3. Hence z is a state. It is obvious from the de nition of z that v z holds for any 2 , and that if z1 is an v upper bound of then z v z1 . SThe vR bounded lub's exist: if X D(E ) and if x is an vR upper bound of X , then X is consistent as a subset of x and extensional as a union of extensional sets of events.

S

R and t are (2) Let be vR directed. We prove that tR = t = (where t S relative to vR and v, respectively). We have to show that any e 2 is L maximal. S Suppose there exists e1 2 such that e L e1 . Then a fortiori e #L e1 , and since by vR directedness e1 e2 2 for some 2 , we get e = e1. (3) We decompose the proof into three implications: x is nite ) x is Lv compact: Let fe1 : : : eng v t. There exist e1 : : : en 2 t such that ei ei for all i. Let 1 : : : n 2 such that ei 2 i for all i, and let 2 be such that i v for all i. Then by the L maximality of e1 : : : en we get ei 2 for all i. Hence fe1 : : : en g v . x is v compact ) x is vR compact: If x vR tR, thenR a fortiori x v t, therefore x v for some 2 . We show that actually x v holds. S Let e 2 x, and let e1 2 such that e L e1 . Then we get e = e1 from e e1 2 . x is vRR compact ) x is nite: We claim that, for any z, fy j y nite and y vR zg is v directed and has z as lub. The directedness is obvious. We have to check that z vR fy j y nite and y vR z g, that is, for all e 2 z , there exists a nite y such that y vR z and e 2 y . The state e]x (cf. lemma 13.4.13) does the job. 2 We de ne a monoidal closed category of bistructures. Denition 13.4.15 (linear exponent { bistructures) Let E and E be two bistructures. The linear exponent bistructure E ( E is de ned as follows: events are pairs (e e ) where e 2 E and e 2 E (e1 e1 ) ^ e2 and e1 ^ _L(e2 e2) , e1 _ ^ _L e2 R (e1 e1 ) (e e ) , e e1 and e1 e (e1 e1 ) R (e e ) , e L e1 and e1 R e : As for coherence spaces , the coherence in the linear exponent can be de ned by either of the following equivalences (cf. lemma 13.1.5): (e1 e1) _ (e2 e2) , (e1 _ e2 ) (e1 _ 6= e2 ) e1 6=ê2))) ^ ^ ^ e2 and (e1 ^ _ _ _ (e1 e1) ^ (e2 e2) , (e1 ^ e2 ) e1 ^ e2 ) and (e1 _ e2 ) e1 _ e2 ) : 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0


366

The de nition of linear exponent suggests what the linear negation should be, and what the connective } should be. We shall de ne these connectives rightaway, and prove that they are correctly de ned. The correctness of the de nition of E ( E will then follow. 0

Denition 13.4.16 (linear negation { bistructures) Let (E _ ^ L R) be a bistructure. The linear negation E is de ned by ?

E = (E ^ _ R L): ?

Proposition 13.4.17 E is a well-de ned bistructure. ?

Proof. We put subscripts that make clear to which bistructures we refer. We have e1 #LE e2 , e1 "RE e2 ) e1 _ ^ E e2 , e1 ^ _E e2 ?

?

and similarly for (B2). The satisfaction of (B3) to (B5) follows from (LE

?

RE

= R L ) and (LE

?

?

RE

?

= R L ):

2

Denition 13.4.18 (par { bistructures) Let E and E be two bistructures. The 0

bistructure E } E is de ned as follows: events are pairs (e e ) where e 2 E and e 2 E (e1 e1 ) ^ _L(e2 e2) , e1 ^ _L e2 and e1 ^ _ e2 (e1 e1 ) (e e ) , e1 e and e1 L e (e1 e1 ) R (e e ) , e1 R e and e1 R e : 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

Proposition 13.4.19 E } E is a well-de ned bistructure. 0

Proof. (B1) Let (e1 e1) #L (e e ). We have e1 ^ _ e from e1 #L e and e1 ^ _ e from L e1 # e . (B 2) Let (e1 e1) "R (e e ), and suppose (e1 e1) ^ case, _ (e e ). As in the previous _ _ ^ we have e1 ^ e and e1 ^ e , which, combined with the de nition of (e1 e1) _ (e e ), gives e1 = e and e1 = e . The other axioms follow from the componentwise de nition of the orders. 2 Proposition 13.4.20 Let E , E , and E be bistructures, let 2 D(E ( E ) and 2 D(E ( E ). The graph composition of and is a state of E ( E . Proof. Let (e1 e1 ) (e2 e2 ) 2 , and let e1 e2 2 E be such that (e1 e1 ) 2 (e1 e1 ) 2 (e2 e2) 2 (e2 e2 ) 2 : Suppose e1 _ e2. Since (e1 e1) (e2 e2) 2 we have e1 _ ^_ ^ e2 . Since (e1 e1 ) (e2 e2 ) 2 ^ ^ , we have e1 ^ e2 . Similarly, e1 _ e2 implies e1 _ e2. Thus is consistent. 0

0

0

0

0

0

0

0

0

0

0

0

0

00

0

00

00

00

00

0

0

0

0

00

0

0

0

0

0

00

00

0

0

0

00

0

00

0

0

00

0

0

00

0

00


367

We now check that is extensional. Let (e e ) 2 , and (e1 e1 ) R (e e ). Thus e L e1 and e1 R e , and there exists e such that (e e ) 2 and (e e ) 2 . By extensionality of , and since (e1 e ) R (e e ), there exists (e2 e2) 2 such that (e1 e ) L (e2 e2), that is, e2 R e1 and e L e2 . By extensionality of , and since (e2 e1 ) R (e e ), there exists (e3 e3 ) 2 such that e3 R e2 and e1 L e3 . By extensionality of , and since (e2 e3) R (e2 e2), there exists (e4 e4) 2 such that e4 R e2 and e3 L e4 . In this way we build sequences such that 00

00

00

0

00

0

00

0

00

0

0

00

0

0

0

0

0

0

0

00

0

0

0

00

0

0

00

0

00

0

0

e L e1 R e2 R e4 R (e e ) (e2 e2) (e4 e4) : : : 2 e L e2 R e3 L e4 R e R e1 L e3 L (e e ) (e3 e3 ) : : : 2 : By axiom (B4), the sequence fen gn
0

0

00

0

00

0

0

0

00

0

00

0

00

0

0

0

(e2i e2i+1) 2 since by construction (e2i e2i) 2 and (e2i+1 e2i+1) 2 L (e1 e1) (e2i e2i+1) since by construction e1 R e2i and e1 L e2i+1 : 00

0

0

.

0

00

00

00

00

2

Thus we have all the ingredients to de ne a linear category of bistructures. Denition 13.4.21 We de ne the category BSl as follows: objects are bistructures, and for any E E , we set 0

BSlE E ] = D(E ( E ): 0

0

Composition is relation composition, and the identities are the identity relations: id E = f(e e) j e 2 E g.

Remark 13.4.22 The morphisms of BSl, unlike in the case of coherence spaces, do

not enjoy a simple abstract characterisation as \linear and extensional functions". Recall that linearity amounts to requiring all minimal points to be prime. In coherence spaces, events are in one to one correspondence with the prime states, which are singletons feg. In the present framework, feg has no reason to be extensional in general, and there may be several ways to extend feg into a minimal state. These considerations should explain why we have chosen to concentrate on a concrete description of the morphisms of BSl .

Next we de ne a tensor product. Its de nition is dictated by (and its correctness follows from) the equation (E " E ) = E } E . 0 ?

?

0?

Denition 13.4.23 (tensor { bistructures) Let E and E be two bistructures. The 0

bistructure E } E is de ned as follows: events are pairs (e e ) where e 2 E and e 2 E (e1 e1 ) _ ^L(e2 e2) , e1 _ ^L e2 and e1 _ ^ e2 (e1 e1 ) (e e ) , e1 e and e1 L e (e1 e1 ) R (e e ) , e1 R e and e1 R e : 0

0

0

0

0

0

0

0

0

0

0

0

0 0

0

0


368

The operation " is extended to a functor as follows. Let 2 D(E2 ( E2 ), and set

2 D(E

E1) and

1 (

0

0

" = f((e1 e2) (e1 e2)) j (e1 e1) 2 and (e2 e2) 2 g: 0

0

0

0

Theorem 13.4.24 The category BSl is ?-autonomous. The unit is de ned by I = (f?g id id id ).

Proof. The proof is a straightforward extension of the proof that Cohl is ?-autonomous (theorem 13.2.15). We have, say: ((e1 e1) e1 ) LE E (E ((e2 e2) e2 ) 0

00

0

0

00

00

, ,

e2 RE e1 and e1 RE e2 and e1 RE e2 (e1 (e1 e1 )) RE((E (E ) (e2 (e2 e2 )): 0

0

00

0

0

0

00

00

0

00

00

00

2

Remark 13.4.25 Like in the coherence model, we have I = I . ?

We now de ne a related cartesian closed category of order-extensional stable maps.

Denition 13.4.26 We de ne the category BS as follows: objects are bistructures and for any E:E , BSE E ] consists of the functions from D(E ) to D(E ) which are 0

v

0

0

v monotonic. We did not require v continuity in de nition 13.4.26, because it is an implied property. Lemma 13.4.27 Let E and E be bistructures. If f : D(E ) ! D(E ) is vR continuous and v monotonic, then it is also v continuous. Proof. Let fe : : : eng v f (x). There exist e : : : en 2 f (x) such that ei L ei for all i. By vR continuity, there exists a nite x vR x such that e : : : en 2 f (x ), hence fe : : : en g v f (x ). 2 R stable and

0

0

0

1

0

1 1

1

0

0

1

0

1

1

Denition 13.4.28 (product { bistructures) Let E and E be two bistructures. The bistructure E E is de ned as follows: events are either e:1 where e 2 E or e :2 where e (e1:i) _ ^L(e2:j ) , i = j and e1 _ ^ e2 (e1:i) (e2 :j ) , i = j and e1 L e2 (e1:i) R (e2:j ) , i = j and e1 R e2 :

0

0

0

0

2E 0

Proposition 13.4.29 The category BSl is cartesian. The terminal object is 1 = ( ).

We now relate the categories BSl and BS through an adjunction that corresponds to the fundamental decomposition E ! E = (!E ) ( E . We de ne an \inclusion" functor : BSl ! BS as follows. 0

0


369

Denition 13.4.30 We set

(E ) = E ()(x) = fe j 9 e 2 x (e e ) 2 g: 0

0

Proposition 13.4.31 The data of de nition 13.4.30 de ne a functor from BSl to BS. Proof hint. To check that () is v monotonic, we use a technique similar to the one used in the proof of proposition 13.4.20 (application is a special case of composition). 2 The following connective ! allows us to go the other way around, from BS to BSl .

Denition 13.4.32 (exponential { bistructures) Let E be a bistructure. The bistructure !E is de ned as follows: the events are the nite states of E

x1 _ x2 , x1 "R x2 ^ LR is vLR is v :

Proposition 13.4.33 !E is a well-de ned bistructure. Proof. Obviously, vR is a partial order. By lemma 13.4.12, vL is a partial order and (B3) holds. And (B2) holds a fortiori, by de nition of _ ^. (B 1) By the de nition of _ ^!E we can rephrase (B1) as (x1 #L x2 and x1 "R x2 ) ) x1 = x2:

Let x3 vL x1 x2, and let e 2 x1 . Let e0 2 x3 and e1 2 x1 be such that e #x1 e1 L e0 . Exploiting x3 v x2 and x1 "R x2, we get e1 2 x2 , and e 2 x2 then follows by lemma 13.4.11. This completes the proof of x1 vR x2 . The converse inclusion is proved symmetrically, exploiting x3 vL x2 and x3 v x1 . (B 4) We show that (L R )? is antisymmetric. Since vR and wL are both partial orders, we can consider a sequence x0 vR x0 wL x1 xn 1 wL xn = x0 and prove that x0 = x0 = x1 = = xn 1 = xn. The proof goes through two claims. 0

0

;

0

0

;

Claim 1. X = Ti=1 n xi is a state.

X is clearly consistent as a subset of, say, x0. Let e 2 X and e1 R e. Since e 2 xi , there exists ei1 2 xi such that e1 L ei1 , for all i 1. Since xi v xi 1, there exists e1i 2 xi 1 such that ei1 L e1i , for all i 1. But from e1 L e1i , e1 L ei1 1 and xi 1 vR xi 1 we conclude e1i = ei1 1 , therefore ei1 1 L ei1. On the other hand, from e1 L e01, e1 L en1 and x0 = xn , we obtain e01 = en1 . Since L is a partial order, we get e01 = = ei1 = = en1 , hence e01 2 X . 0

;

0

0

0

0

;

;

0

0

;

;

;

;


370

Claim 2. x0 vR X . 0

2 x . By lemma 13.4.12, we can nd e 2 x and e 2 x such that e #x e L e . We continue in this way and nd e 2 x e 2 x such that e #x e L e : : : en 2 xn en 2 xn = x such that en #xn en L en : We continue round the clock, generating en i 2 xi , e n i 2 xi : : : ekn i 2 xi . Since xi is nite, there exist k k for which ek n = ek n 2 x . By the antisymmetry of # (in E ), we obtain ek n = ek n = = e k n = = ek n : Therefore ek n 2 X , since ek n i 2 xi for all i. Our next goal is to carry this back to e , and show e 2 X . Suppose that we have proved em 2 X . We have em = em since em em 2 xm and em #L em em #X em since by assumption em 2 X : Hence em 2 X . Finally, we arrive at e 2 X . We can now prove (B4). From x vR x vR X we get x = x = X . From x wL x and x = X vR x we get x = x by remark 13.4.9, and, progressively, x = x = x = = xn = xn, as desired. (B 5) Let x be a nite state. Let x = fe j 9 e 2 x e # e g. This set is nite. It follows from lemma 13.4.12 that any y such that y (wL vR )? x is a subset of x, from which Let e0

0

0

0

0

0

1

2

1

0

2

0

1

;

;

1

0

1

0

1

2

1

0

1

0

1

;

+

1

2

1

0

0

0

1

1

;

;

+

0

2

+1

1

1

2 +

1

1

( 1 +1)

2

+

1

0

0

1

0

;

1

;

;

0

;

1

1

;

0

1

0

0

0

;

0

0

0

0 1

0

1

1

0

0

1

;

1

0

0

0

1

;

0

0

0 0

0

0

1

0

0

0

0

0

0

1

0

0

2

(B5) follows.

Lemma 13.4.34 Let E and E be bistructures. A function f : D(E ) ! D(E ) is vR 0

0

2 f (x) implies e 2 f (y) for some nite y v Proof. If f is continuous and e 2 f (x), then e ]f x vR f (x) (cf. lemma 13.4.13), and by continuity there exists a nite x such that e ]f x vR f (x ), hence a fortiori e 2 f (x ). Conversely, let fe S: : : en g vR f (x). Then let x : : : xn be nite S and such that ei 2 f (xi ) for all i. Then i n xi is nite, and fe : : : en g vR f ( i n xi ). 2 Theorem 13.4.35 The operation ! extends to a functor ! : BS ! BSl which is left adjoint to . continuous i, for any e x, e 0

0

0

0

1

( ) 0

1

0

R x.

0

1

( )

1

1

1

=1

=1

Proof. The correspondences between states of !E ( E and the stable and order0

extensional functions are as follows: f 7! trace (f ) = f(x e ) j e 2 f (x) and (y vR x and e 7! fun ()(z) = fe j 9 y vR z (y e ) 2 g : 0

0

0

0

0

2 f (y) ) y = x)g

We show that trace (f ) is a state. It is a set of events of !E ( E by lemma 13.4.34. Let (x1 e1) (x2 e2) 2 trace (f ) with x1 _ ^ x2, i.e. x1 "R x2 . Let x be such that R _ x1 x2 x. Then e1 ^ e2, since e1 e2 2 f (x). Suppose moreover e1 = e2 . Then x1 = x2 , by stability. This completes the proof of consistency. Let (x e ) 2 trace (f ) and 0

0

0

0

0

0

0

0

0

0

13.5. CHU SPACES AND CONTINUITY

371

(x1 e1) R (x e ). We look for (x2 e2 ) 2 trace (f ) such that (x1 e1) L (x2 e2). From e 2 f (x) we get that e is in the downward closure of f (x1) by v monotonicity. Since e1 R e , e1 is in the L downward closure of f (x1) by lemma 13.4.8, that is, e2 2 f (x1) for some e2 L e1. Therefore, by the de nition of the trace, (x2 e2) 2 trace (f ) for some x2 vR x1 . This pair ts, and this completes the proof of extensionality. In the other direction, the vR stability of fun () is obvious from the de nition of fun and the consistency of . We check that fun () is v monotonic. Let y v z , and let e 2 fun ()(y ). Let x1 vR y be such that (x1 e ) 2 . Let x2 be such that x1 vL x2 vR z. Since (x2 e ) vL (x1 e ), by extensionality there exists (x3 e3) 2 such that (x2 e ) vL (x3 e3). We have e L e3 , and e3 2 f (z ) since e3 2 f (x3 ) and x3 vR z. 2 0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

The required isomorphisms relating additives and multiplicatives are as follows:

!1 = I : The only state of 1 is , which corresponds to the unique event ? of I . !(A B) = (!A) " (!B): By the de nition of product, x is a state of E E i x = fe 2 E j (e:1) 2 xg and x = fe 2 E j (e:2) 2 xg are states of E E and x = x x . This establishes a bijective correspondence x $ (x x ) between the events of !(A B ) and those of (!A) " (!B ). 0

1

0

2

1

2

1

2

Altogether, we have constructed a !?-autonomous category of bistructures.

13.5 Chu Spaces and Continuity The Chu construction (see abPC79, Bar91b]) allows to construct a ?-autonomous category out of a monoidal category with nite limits. Here we present the construction over the category of sets, which is enough for our purposes. By imposing some ordertheoretic axioms, we arrive at the notion of casuistry. Roughly speaking, a casuistry is a dcpo together with a choice of an appropriate collection of Scott opens. A linear morphism between two casuistries is a function whose inverse image maps chosen opens back to chosen opens. For any continuous function f , the inverse image f 1 (U ) of a chosen open U is open, but is not necessarily a chosen open. An exponential construction allows to ll the gap between the morphisms of casuistries and the continuous functions. The material of this section is based on Lam94]. ;

Denition 13.5.1 (Chu space) Let K be a set. A Chu space over K (Chu space for short) is a triple A = (A? A? h i) where A? and A? are sets and h i) is a function from A? A? to K , called agreement function. A morphism f : A ! B of Chu spaces

is a pair (f? f ?) of functions, where f? : A? ! B? and f ? : B ? ! A?, satisfying, for all x 2 A? 2 B ? : (?? ) hf? (x) i = hx f ?( )i: The mapping h i can be equivalently presented as a function l : A? ! (A? ! K ) or a function r : A? ! (A? ! K ). If l is injective, we say that A is left-separated, and symmetrically, if r is injective, we say that A is right-separated. A separated Chu space

372


is a Chu space which is both left and right-separated. We write Chu for the category of Chu spaces, and Chus for the full subcategory of separated Chu spaces. There are two obvious forgetful functors ? and ? (covariant and contravariant, respectively) from Chu to the category of sets:

A? = A? (f? f ?)? = f? A? = A? (f? f ?)? = f ? : Lemma 13.5.2 The following are equivalent formulations of (??): (??l) l(f?(x)) = l(x) f ? (??r ) r(f ?( )) = r( ) f? :

Lemma 13.5.3 Every right-separated Chu space is isomorphic to a Chu space A where

A? is a set of functions from A? to K , and where hx f i = f (x). If moreover K = f? >g, every right-separated Chu space is isomorphic to a Chu space A, where A? is a set of subsets of A? , and where agreement is membership. Such a Chu space is called right-strict. Left-strict separated Chu spaces are de ned similarly.

Example 13.5.4 Every topological space (X ") is a right-strict Chu space. It is left-

separated exactly when it is T0 (cf. section 1.2). Moreover, the morphisms between topological spaces viewed as Chu spaces are exactly the continuous functions (see lemma 13.5.5), so that topological spaces and continuous functions may be considered a full subcategory of Chus .

Lemma 13.5.5 A morphism of right-separated Chu spaces A and B is equivalently de ned as a function f? : A? ! B? such that

8 2 B? 9 2 A? r( ) f? = r():

If moreover A and B are right-strict, this condition boils down to

8 2 B? f

;

1

( ) 2 A? :

Proof. Let (f? f ?) be a morphism. Then f? satis es the condition of the statement by (??r ). Conversely, the injectivity of r guarantees the uniqueness of , hence the formula of the statement de nes a function f ? : B ? ! A? . 2

Lemma 13.5.6 Let A and B be Chu spaces, and suppose that A is right-separated and that B is left-separated. Then a morphism from A to B is equivalently de ned as a function h : A? B ? ! K whose curryings factor through lB and rA . Proof. Let (f? f ?) be a morphism. Then the required h is de ned by:

h(x ) = hf?(x) i = hx f ?( )i and the factorisations are given by (??l) and (??r ), respectively. Conversely, the two factorisations determine two functions f? : A? ! B? and f ? : B ? ! A? , and (?? ) holds by construction. 2


373

Denition 13.5.7 (tensor { Chu spaces) Let A and A be two Chu spaces. Their tensor product A " A is de ned as follows: (A " A )? = A? A?. (A " A )? consists of the pairs of functions (f g), with f : A? ! A ? and g : 0

0

0

0

0

0

A? ! h(x x ) (f g )i = hx g (x )i = hx f (x)i.

A?, which satisfy hx g(x )i = hx f (x)i, for all

0

0

0

0

0

x 2 A? x 2 A?. 0

0

0

Denition 13.5.8 (linear negation { Chu spaces) The linear negation of a Chu space is de ned as follows (where is as in de nition 13.2.3):

(A? A? h iA ) = (A? A? h ?

i

):

Proposition 13.5.9 1. The category Chu is ?-autonomous. The tensor product is

as given in de nition 13.5.7, the unit is I = (f?g K ) and the dualising object is ? = (K f?g ). 2. There exists a natural bijection ChuI A] = A? . 0

Proof. For the symmetric monoidal structure, we just check that A " I = A. The ? component of A " I is A? f?g, which is A? up to natural bijection. An element of the ? component of A " I can be considered as a pair of a function f : A? ! K and an element 2 A?. Looking at the condition linking f and , we see that it boils down to the de nition of f as x:hx i.

By a similar reasoning, we get (2). To establish the closed structure, we rely on proposition 13.2.8. The dualising functor is given by de nition 13.5.8. The required isomorphisms A = A are actually identities. We verify the bijections: ??

ChuI (A " B ) ] = ChuA B]: ?

Let f : A ! B:

?

f 2 (A " B )? by the de nition of " f 2 (A " B )? by the de nition of : We conclude by using (2). To see that Chu is ?-autonomous, we proceed essentially as in proposition 13.2.15: the canonical morphism from A to (A ( ?) ( ? is the identity modulo identi cations similar to those used above for proving A " I = A. 2 Lemma 13.5.10 (slice condition) The tensor product of two right-separated Chu spaces A and A is right-separated, and can be reformulated as follows: (A " A )? = A? A?. (A " A )? consists of the functions h : A? A? ! K whose curryings factor ? ?

?

?

0

0

0

0

0

through A? and A ? , that is such that, for some f and g : 0

#l (h) = r f

#l(h ) = r g:


374

h(x y) hi = h(x y).

If moreover A and A are right-strict, then the reformulation says that (A " A )? consists of the subsets U of A? B? satisfying the following condition, called slice condition: 0

0

(8 x 2 A? fx j (x x ) 2 U g 2 A ? ) and (8 y 2 A? fx j (x x ) 2 U g 2 A? ): 0

0

0

0

0

Proof. By de nition of and by proposition 13.5.9, an element of (A " B)? can be described as a morphism of ChuA B ]. The conclusion then follows from lemma 13.5.6. 2 ?

?

Unlike right-separation, left separation has to be forced upon the tensor product structure.

Lemma 13.5.11 With every Chu space A we associate a left-separated Chu space Al as follows:

(Al)? = A?. (Al)? = A?= , where is the equivalence relation de ned by x x , 8 2 A? hx i = hx i: hx] i = hx i. 1

2

1

2

If moreover A is right-separated, then Al is separated. There is a symmetric construction Ar which forces right separation.

Proposition 13.5.12 The statement of proposition 13.5.9 holds true replacing Chu by Chus and rede ning the tensor product as A "s B = (A " B)l . (We shall omit the subscript in "s if no ambiguity can arise.)

Proof. The proof is by a straightforward adaptation of the proof of proposition 13.5.9. Notice that f : A ! B reads as f 2 (A "s B )? since (A "s B )? = (A " B )?. 2 ?

?

?

Our last step consists in adding directed lub's, more precisely directed unions. Fron now on, we assume that K = f? >g, and confuse freely a function h into K with the set it is the characteristic function of.

Denition 13.5.13 (casuistry) A casuistry is a separated Chu space A such that both A? and A? are dcpo's under the induced orders de ned by

xx

0

, l(x) l(x ) 0

W

S

(and symmetrically for A? ), and moreover l( ) = l() for any directed , and similarly for r. We call Cas the full subcategory of Chus whose objects are casuistries.


375

Exercise 13.5.14 Given a right-strict Chu space A, we say that x 2 A? is empty if 8 U 2 A? x 62 U . Consider now two casuistries A and B. Show that, for any x y ] 2 (A "s B)? : ( f(x y)g if neither x nor y are empty x y ] = the empty element of (A "s B)? otherwise : Lemma 13.5.15 A topological space (X ") viewed as a Chu space is a casuistry i its topology is T0, its specialisation order is a dcpo, and every open is Scott open.

Proof. A topology is a fortiori W closed S under directed unions. Thus the requirement concerns X . Notice that l( ) = l() reads as 8 U 2 " _ 2 U , (9 2 2 U ): 2

Lemma 13.5.16 All morphisms between casuistries preserve directed lub's. Proof. It is enough to check l(f (W )) S l(f ()). We have l(f (W )) = fU j fW(W ) 2 U g = fU j 2 f 1 (U )g ;

and we conclude by exploiting that f 1 (U ) is Scott open. 2 Proposition 13.5.17 The category Cas is ?-autonomous, and all the constructions are the restrictions of the constructions on Chus . Lub's in (A "s B)? are coordinatewise. Proof. Let A and B be casuistries. We sketch the proof that A "s BS is a casuistry. Consider a directed subset of (A "s B)? = (A " B)?. The reason why satis es the slice conditions (cf. lemma 13.5.10) is that a slice of a directed union is a directed union of slices. Consider now a directed subset of (A "s B)? . Without loss of generality, we can assume that the empty element is not in , hence (cf. exercise 13.5.14) that A? B? . We claim: ;

_

_

l( () ()) = l(): 0

In the direction &, one rst establishes pointwise monotonicity:

(x1 x2 and y1 y2 ) ) l(x1 y1) l(x2 y2):

If (x1 y1) 2 U , then x1 2 fx j (x y1) 2 U g. Hence

x2 2 fx j (x y1) 2 U g since fx j (x y1) 2 U g is open and x1 x2: We have obtained (x2 y1) 2 U , from which we obtain (x2 y2) 2 U by a similar reasoning, now using the slice fy j (x2 y ) 2 U g. The direction is proved similarly, making use of the fact that the slices are Scott open by de nition of casuistries. 2


376

Proposition 13.5.18 The categories Chu, Chus, and Cas are cartesian. The terminal object is (f?g ) (with vacuous h i). The product in Chu is given by (A A )? = A? A? (A A )? = A(? + A? ? 0

0

0

if 2 A if 2 A ? :

hx i hx0 i

h(x x0) i =

0

In Chus , and Cas, right separation has to be forced, and the product s (or if no ambiguity can arise) is given by

A s A = (A A )r : 0

0

If A and A are right-strict, then we can reformulate their product (in Chus , and Cas) as follows: 0

(A A )? = A? A? (A A )? = fU A j U 2 A? g fA U j U 0

0

0

0

0

The order induced on A? A? is the pointwise ordering.

0

2 A?g :

0

Proof. We only show that 1 is terminal, and that the induced order on prod-

ucts is pointwise. By the vacuity of 1? , being a morphism into 1 amounts to being a function to !? = f?g. Suppose that (x x ) (y y ), and that x 2 U . Then (x x ) 2 U A 2 (A A )?. Hence (y y ) 2 U A , i.e. y 2 A. Similarly we get x y . The converse direction is proved similarly. 2 0

0

0

0

0

0

0

0

0

Finally, we de ne an adjunction between the category of casuistries and the category of dcpo's.

Proposition 13.5.19 Consider the two following functors : Dcpo ! Cas and ! : Cas ! Dcpo, de ned as follows:

(D ?) = (D S (D) 2) (f ) = f !(X? X h i) = (X? ) !(f ) = f

where S (D) denotes Scott topology (cf. de nition 1.2.1), and where in the second line is the induced ordering (cf. de nition 13.5.13). Then a !. Moreover, the induced comonad !, written simply !, satis es the isomorphisms of de nition 13.2.12, i.e. casuistries together with ! form a !?-autonomous category, whose Kleisli category is equivalent to the category Dcpo.

Proof. To establish the adjunction, we have to prove that, given (D ) and (X? X ? 2 ), a function f : D ! X? is a Chu morphism from (D S (D) 2) to (X? X ? 2) i it is a directed lub preserving function from (D ) to (X? ). If f is a Chu morphism, then it preserves directed lub's with respect to the induced orders by lemma 13.5.16. But (cf. lemma 1.2.3) the induced, or specialised, order of a Scott topology is the original order, i.e. ! = id . Hence f preserves the lub's with respect to the order of D. If f


377

preserves directed lub's, then it is continuous with respect to the Scott topologies, and a fortiori it is a Chu morphism from (D S (D) 2) to (X? X ? 2), since X ? S (X?) by proposition 13.5.15. We already observed that ! = id , hence a fortiori ! is surjective on objects. As a consequence (cf. remark 13.2.14), the Kleisli category is equivalent to Dcpo, and thus is cartesian closed, which in turn entails the isomorphisms !(A B) = (!A) " (!B), by proposition 13.2.17. We are left to show !1 = I . Recall that I , formulated as a right-strict Chu space, is (f?g f f?gg). We have

I? = (!1)? and I ? is the Scott topology over f?g:

2

Remark 13.5.20 We have expressed the comonad for the stable model and for the

hypercoherence model via an adjunction of the form ! a , while we just presented a continuous model via an adjunction of the form a !. One should not take that too seriously. In each situation, we have called the obvious inclusion at hand. But both the stable and the continuous ! are faithful functors: in particular, morphisms in Cas can be considered as special Scott-continuous functions (those mapping (chosen) opens to chosen opens).

A more liberal ! (leading to a larger Kleisli category), also taken from Lam94], is described in exercise 13.5.21.

Exercise 13.5.21 Call a topological space (X ") anti-separated if fx j (x x) 2 U g 2

", for any subset U of X X satisfying the slice condition (cf. lemma 13.5.10). Show that Dcpo is a full subcategory of the category Cas of anti-separated topological spaces which moreover viewed as Chu spaces are casuistries. Show that Cas together with the following de nition of ! yields a !?-autonomous category whose Kleisli category is equivalent to Cas: !A = the smallest anti-separated topology on A? containing A?: Hints: (1) The anti-separation condition says that the diagonal function x:(x x) is continuous from X (viewed as a separated Chu space) to X " X . (2) Follow the guidelines of remark 13.2.21. (2) In order to prove U a !, give an inductive de nition of !(A)?.

378


Chapter 14 Sequentiality This chapter is devoted to the semantics of sequentiality. At rst-order, the notion of sequential function is well-understood, as summarized in theorem 6.5.4. At higher orders, the situation is not as simple. Building on theorem 13.3.16, Ehrhard and Bucciarelli have developped a model of strongly stable functions, which we have described in section 13.3. But in the strongly stable model an explicit reference to a concept of sequentiality is lost at higher orders. Here there is an intrinsic diculty: there does not exist a cartesian closed category of sequential functions (see theorem 14.1.16). Berry suggested that replacing functions by morphisms of a more concrete nature, retaining informations on the order in which the input is explored in order to produce a given part of the output, could be a way to develop a theory of higher-order sequentiality. This intuition gave birth to the model of sequential algorithms of Berry and Curien, which is described in this chapter. In section 14.1 we introduce Kahn and Plotkin's ( liform and stable) concrete data structures and sequential functions between concrete data structures. This de nition generalizes Vuillemin's de nition 6.5.1. A concrete data structure consists of cells that can be lled with a value, much like a PASCAL record eld can be given a value. A concrete data structure generates a cpo of states, which are of sets of pairs (cell,value), also called events (cf. section 12.3). Cells generalize the notion of argument position that plays a central role in Vuillemin's de nition of sequential function. Kahn-Plotkin's de nition of sequential function is based on cells, and reads roughly as follows: for a given input x and output cell c , if c is lled in f (y) for some y x, then there exists a cell c, depending on x and c only, such c is lled in any such y. In other words, it is necessary to compute the value of c in order to ll c`. Such a cell c is called a sequentiality index at (x c ). The category of sequential functions on concrete data structures is cartesian, but not cartesian closed. In section 14.2, we de ne sequential algorithms on concrete data structures. They can be presented in dierent ways. We rst de ne an exponent concrete data structure, whose states are called sequential algorithms. The notion of ab0

0

0

0

379

CHAPTER 14. SEQUENTIALITY

380

stract algorithm provides a more intuitive presentation. An abstract algorithm is a partial function that maps a pair of a ( nite) input state x and an output cell c to either an output value v (if (c v ) 2 f (x) or to an input cell c, where c is a sequentiality index at (x c ). Hence sequential algorithms involve an explicit choice of sequentiality indexes. Many functions admit more than one sequentiality index for a given pair (x c ). For example, adding two numbers requires computing these two numbers. In the model of sequential algorithms, there exist two addition algorithms, one which computes the rst argument then the second before adding them, while the other scans its input in the converse order. We show that sequential algorithms form a category. Due to the concrete nature of the morphisms, it takes some time until we can recognize the structure of a category. A third presentation of sequential algorithms as functions between domains containing error values is given in section 14.4. In section 14.3, we present a linear decomposition of the category of sequential algorithms. We de ne symmetric algorithms, which are pairs of sequential functions, mapping input values to output values, and output exploration trees to input exploration trees, respectively. It is convenient to work with sequential data structures, which are a more symmetric reformulation of ( liform and stable) concrete data structures. Sequential data structures and symmetric algorithms are the objects and morphisms of a symmetric monoidal closed category called AFFALGO, which is related to the category of seauential algorithms through an adjunction. The category AFFALGO is also cartesian. Moreover the unit is terminal. Due to this last property, our decomposition is actually an ane decomposition (cf. remark 13.2.23). The category of symmetric algorithms is a full subcategory of a category of games considered by Lamarche Lam92b]. Related categories are studied in Bla72, Bla92, AJ92]. In section 14.4 we investigate an extension of Pcf with a control operator catch (cf. section 8.5), and show that the model of sequential algorithms is fully abstract for this extension. 0

0

0

0

0

0

14.1 Sequential Functions First we de ne the concrete data structures (cds's). We give some examples of cds's, and de ne the product of two cds's. We then de ne Kahn-Plotkin sequential functions KP93], which generalise the rst-order sequential functions of de nition 6.5.1. The category of cds's and sequential functions is cartesian but not cartesian closed.

Denition 14.1.1 A concrete data structure (or cds) M = (C V E `) is given

by three sets C , V , and E of cells, of values, and of events, such that

E CV

and

8 c 2 C 9 v 2 V (c v) 2 E

14.1. SEQUENTIAL FUNCTIONS

381

and a relation ` between nite parts of E and elements of C , called enabling relation. We write simply e1 : : : en ` c for fe1 : : : eng ` c. A cell c such that ` c is called initial. Proofs of cells c are sets of events dened recursively as follows: If c is initial, then it has an empty proof. If (c1 v1) : : : (cn vn ) ` c, and if p1 : : : pn are proofs of c1 : : : cn , then p1 f(c1 v1)g pn f(cn vn)g is a proof of c. A state is a subset x of E such that: 1. (c v1) (c v2) 2 x ) v1 = v2, 2. if (c v ) 2 x, then x contains a proof of c . The conditions (1) and (2) are called consistency and safety, respectively. The set of states of a cds M, ordered by set inclusion, is a partial order denoted by (D(M) ) (or (D(M) )). If D is isomorphic to D(M), we say that M generates D. We assume moreover that our cds's are well-founded, stable, and liform, by which we mean:

Well-founded: The reexive closure of the relation

Domains and Lambda-calculi

Homogeneous Bounded Domains and Siegel Domains

Continuous lattices and domains

Continuous Lattices and Domains

Quadrature Domains and Their Applications

Cellular Domains

Quadrature Domains

Stability Domains

Sobolev spaces on domains

Foucault's New Domains

Modular Protein Domains

Factorization in Integral Domains

Natural Selection: Domains, Levels, and Challenges

Domains in Ferroic Crystals and Thin Films

Domains in Ferroic Crystals and Thin Films

Integrity in the Public and Private Domains

The Geometry of Complex Domains

Function theory on planar domains

Differentiable Functions on Bad Domains

Differentiable Functions on Bad Domains

Semantic Processing for Finite Domains

On Automorphisms of Siegel Domains

Differentiable Functions on Bad Domains

Differentiable functions on bad domains

The geometry of complex domains

Factoring Ideals in Integral Domains

Differentiable functions on bad domains

Modules over non-Noetherian domains

Semantic Domains in Computational Linguistics

Continuous Lattices and Domains (Encyclopedia of Mathematics and its Applications)

Modeling and Simulation Fundamentals: Theoretical Underpinnings and Practical Domains

Domains and Lambda-calculi

Homogeneous Bounded Domains and Siegel Domains

Continuous lattices and domains

Continuous Lattices and Domains

Quadrature Domains and Their Applications

Cellular Domains

Quadrature Domains

Stability Domains

Sobolev spaces on domains

Foucault's New Domains

Modular Protein Domains

Factorization in Integral Domains

Natural Selection: Domains, Levels, and Challenges

Domains in Ferroic Crystals and Thin Films

Domains in Ferroic Crystals and Thin Films

Integrity in the Public and Private Domains

The Geometry of Complex Domains

Function theory on planar domains

Differentiable Functions on Bad Domains

Differentiable Functions on Bad Domains

Semantic Processing for Finite Domains

On Automorphisms of Siegel Domains

Differentiable Functions on Bad Domains

Differentiable functions on bad domains

The geometry of complex domains

Factoring Ideals in Integral Domains

Differentiable functions on bad domains

Modules over non-Noetherian domains

Semantic Domains in Computational Linguistics

Continuous Lattices and Domains (Encyclopedia of Mathematics and its Applications)

Modeling and Simulation Fundamentals: Theoretical Underpinnings and Practical Domains

Recommend Documents