Stone Duality for Markov Processes

Dexter Kozen∗, Kim G. Larsen†, Radu Mardare† and Prakash Panangaden‡

∗Computer Science Department, Cornell University, Ithaca, New York, USA †Department of Computer Science, University of Aalborg, Aalborg, Denmark ‡School of Computer Science, McGill University, Montreal, Canada

Abstract instances. This allows us to use the Rasiowa–Sikorski lemma [5] to establish our results without needing to We define Aumann algebras, an algebraic analog assume Lindenbaum’s lemma. of probabilistic modal logic. An Aumann algebra con- Our key results are: sists of a Boolean algebra with operators modeling • a description of a new class of algebras that cap- probabilistic transitions. We prove a Stone-type dual- tures, in algebraic form, the probabilistic modal ity theorem between countable Aumann algebras and logics used for continuous-state Markov pro- countably-generated continuous-space Markov pro- cesses; cesses. Our results subsume existing results on com- • a version of the duality for countable algebras pleteness of probabilistic modal logics for Markov and a certain class of countably-generated Markov processes. processes; and • a complete axiomatization where the infinitary 1. Introduction axiom schemes have only uncountably many in- stances. For Markov processes, the natural logic is a simple The duality is represented in the diagram below. modal logic with probability bounds on the modalities. Here SMP stands for countably based Stone Markov It is therefore tempting to understand this logic alge- processes and AA for countable Aumann algebras. braically in the same way that Boolean algebras cap- The formal definitions are given in §§3–4. ture propositional reasoning and the Jonsson-Tarski [1] results give duality for algebras arising from modal A logics. SMP AAop In this paper, we develop a Stone-type duality for M continuous-space probabilistic transitions systems and a certain kind of algebra that we have named Aumann algebras. These are Boolean algebras with operators 1.1. A Technical Summary that behave like probabilistic modalities. Recent papers [2–4] have established completeness theorems and The duality theorem proved in this paper has some finite model theorems for similar logics. novel features that distinguish it from many others that A comparison with related work appears in §7. We have appeared in the literature. note here that we go beyond existing completeness We have avoided the assumption that every consis- results [2–4] in a number of ways. The strong com- tent set of formulas can be expanded to a maximal con- pleteness theorems of Goldblatt [3] use a powerful sistent set axioms [6] by using the Rasiowa–Sikorski infinitary axiom scheme with an uncountable set of lemma (whose proof uses the Baire category theorem) instances and establish the results contingent on the in the following way. In going from the algebra to the assumption that every consistent set of formulas can be dual Markov process, we look at ultrafilters that do expanded to a maximally consistent set (Lindenbaum’s not respect the infinitary axioms of Aumann algebras. lemma). In our version we show that this assumption We call these bad ultrafilters. We show that these can be proved. The key point is that we use differ- form a meager set (in the standard topological sense) ent infinitary axioms that have only countably many and can be removed without affecting the transition probabilities that we are trying to define. Countability on a measurable space M = (M, Σ) is a countably is essential here. In order to show that we do not additive set function µ :Σ → R+. A measure is a affect the algebra of clopen sets by doing this, we probability measure if in addition µ(M) = 1. We use introduce a distinguished base of clopen sets in the ∆(M, Σ) to denote the set of probability measures on definition of Markov process, which has to satisfy (M, Σ). some conditions. We show that this forms an Aumann A fundamental fact that we use is about extending algebra. We are able to go from a Markov process set functions to measures. This is Theorem 11.3 of [7]. to an Aumann algebra by using this distinguished It says that a finitely additive and countably subadditive base. Morphisms of Markov processes are required to function on a field of sets can be uniquely extended to preserve distinguished base elements backwards; that a measure on the σ-algebra generated by the field. −1 is, if f : M → N and A ∈ AN , then f (A) ∈ AM. We can view ∆(M, Σ) as a measurable space by Thus we get Boolean algebra homomorphisms in the considering the σ-algebra generated by the sets {µ ∈ dual for free. ∆(M, Σ) | µ(S) ≥ r} for S ∈ Σ and r ∈ [0, 1]. Removing bad points has the effect of destroying This is the least σ-algebra on ∆(M, Σ) such that all compactness of the resulting topological space. We maps µ 7→ µ(S) : ∆(M, Σ) → [0, 1] for S ∈ Σ are introduce a new concept called saturation that takes measurable, where the real interval [0, 1] is endowed the place of compactness. The idea is that a saturated with the σ-algebra generated by all rational intervals. model has all the good ultrafilters. The Stone dual of an Every topological space has a natural σ-algebra Aumann algebra is saturated, because it is constructed associated with it, namely the one generated by the that way. However, it is possible to have a Markov open sets. This is called the Borel algebra of the space, process that is unsaturated but still represents the same and the measurable sets are called Borel sets. algebra. For example, we removed bad points and Recall that a topological space is said to be sep- could, in principle, remove a few more; as long as the arable if it contains a countable dense subset and remaining points are still dense, we have not changed second countable if its topology has a countable base. the algebra. One can saturate a model by a process Second countability implies separability, but not vice akin to compactification. We explicitly describe how versa in general; however, the two concepts coincide to do this below. for metric spaces. A Polish space is the topological space underlying a complete separable metric space. 2. Background An analytic space is a continuous image of a Polish space in another Polish space. More precisely, if X In this section we present background from measure and Y are Polish spaces and f : X → Y is continuous, theory and topology. For proofs we refer the reader to then the image f(X) is an analytic space. Remarkably, [7] or [8]. We do not discuss the Stone duality theorem; one does not get a broader class by allowing f to be this is discussed elsewhere in this volume. merely measurable instead of continuous and by taking We use Q0 to denote the set Q ∩ [0, 1]. the image of a Borel subset of X instead of X. Measurable Spaces and Measures Analytic spaces enjoy remarkable properties that Let M be an arbitrary nonempty set. We assume that were crucial in proving the logical characterization of the basic notions like field of sets, σ-algebra, measur- bisimulation [9, 10]. We note that the completeness able set and measurable function are know. Similarly theorems proved in [2, 11, 12] were established for with topology, open and closed set and continuous Markov processes defined on analytic spaces. function and the Borel algebra of a topology. We The Baire Category Theorem use M → N to denote the family of measurable The Baire category theorem is a topological result functionsJ fromK (M, Σ) to (N, Ω). with important applications in logic. It can be used to If Ω ⊆ 2M , the σ-algebra generated by Ω, denoted prove the Rasiowa–Sikorski lemma [5] that is central Ωσ, is the smallest σ-algebra containing Ω. for our paper. Let R+ = {r ∈ R | r ≥ 0}. A nonnegative real- A subset D of a topological space X is dense if its valued function µ defined on a collection of sets (a set closure D is all of X. Equivalently, a dense set is one function) is finitely additive if µ(A∪B) = µ(A)+µ(B) intersecting every nonempty open set. A set N ⊆ X whenever A ∩ B = ∅. We say that µ is countably is nowhere dense if every nonempty open set contains S P subadditive if µ( i Ai) ≤ i µ(Ai) for a countable a nonempty open subset disjoint from N. A set is said family of measurable sets, and we say that µ is count- to be of the first category or meager if it is a countable P ably additive if µ(∪iAi) = i µ(Ai) for a countable union of nowhere dense sets. A basic fact that we pairwise-disjoint family of measurable sets. A measure use is that the boundary of an open set is nowhere dense. A Baire space is one in which the intersection domain. Two Markov processes M1, M2 are said to of countably many dense open sets is dense. For us, be bisimilar if there is a third Markov process M and the relevant fact is: every compact Hausdorff space is a span of zig-zags fi : M → Mi, i = 1, 2. Two states Baire. mi ∈ supp(Mi), i = 1, 2, are said to be bisimilar if there exist a span of zig-zags f : M → M , i = 1, 2 Definition 1. Let B be a Boolean algebra and let T ⊆ i i and m ∈ supp(M) such that m = f (m), i = 1, 2. B be such that T has a greatest lower bound V T in i i We write (M , m ) ≈ (M , m ) to indicate that m B. An ultrafilter (maximal filter) U is said to respect 1 1 2 2 1 and m are bisimilar in this sense. T if T ⊆ U implies that V T ∈ U. 2 In the context of analytic spaces, one can define If T is a family of subsets of B, we say that an bisimulation between the states of a Markov process ultrafilter U respects T if it respects every member of using a relational definition [9, 10, 14]. T . Markovian logic (ML) is a multi-modal logic for Theorem 2 (Rasiowa–Sikorski lemma [5]). For any semantics based on MPs [2, 4, 11, 14–17]. In addition Boolean algebra B and any countable family T of to the Boolean operators, this logic is equipped with subsets of B, each member of which has a meet in B, probabilistic modal operators Lr for r ∈ Q0 that and for any nonzero x ∈ B, there exists an ultrafilter bound the probabilities of transitions. Intuitively, the in B that contains x and respects T . formula Lrϕ is satisfied by m ∈ M whenever the This lemma was later proved by Tarski in a purely probability of a transition from m to a state satisfying algebraic way. See [3] for a discussion of the role of ϕ is at least r. the Baire category theorem in the proof. Definition 5 (Syntax). The formulas of L are defined, for a set P of atomic propositions, by the grammar 3. Markov Processes and Markovian Logic ϕ ::= p | ⊥ | ϕ → ϕ | Lrϕ Markov processes (MPs) are models of probabilis- where p can be any element of P and r of Q . tic systems with a continuous state space and prob- 0 abilistic transitions [9, 10, 13]. In earlier papers, they The Boolean operators ∨, ∧, ¬, and > are defined were called labeled Markov processes to emphasize the from → and ⊥ as usual. For r1, . . . , rn ∈ Q0 and fact that there were multiple possible actions, but here ϕ ∈ L, let we will suppress the labels, as they do not contribute L ϕ = L ··· L ϕ. any relevant structure for our results. r1···rn r1 rn The Markovian semantics for L is defined as fol- Definition 3 (Markov process). A Markov process lows. For MP M = (M, Σ, θ), m ∈ M and an (MP) is a tuple M = (M, Σ, θ), where (M, Σ) is an i : M → 2P analytic space and θ ∈ M → ∆(M, Σ) . interpretation function , J K • M, m, i  p if p ∈ i(m), In a Markov process M = (M, Σ, θ), M is the • M, m, i  ⊥ never, support set, denoted by supp(M), and θ is the tran- • M, m, i  ϕ → ψ if M, m, i  ψ whenever sition function. For m ∈ M, θ(m):Σ → [0, 1] is M, m, i  ϕ, a probability measure on the state space (M, Σ). For • M, m, i  Lrϕ if θ(m)( ϕ ) ≥ r, N ∈ Σ, the value θ(m)(N) ∈ [0, 1] represents the J K where ϕ = {m ∈ M | M, m, i  ϕ}. probability of a transition from m to a state in N. For the lastJ K clause to make sense, ϕ must be The condition that θ is a measurable function measurable. This is guaranteed by theJ factK that θ ∈ M → ∆(M, Σ) is equivalent to the condition that M → ∆(M, Σ) (see e.g. [2]). forJ fixed N ∈ ΣK, the function m 7→ θ(m)(N) is a J Given M and Ki, we say that m ∈ supp(M) satisfies measurable function M → [0, 1] (see e.g. Proposi- ϕ if M, m, i ϕ. We write M, m, i 6 ϕ if not tion 2.9 of [13]). J K   M, m, i ϕ and M, m, i Φ if M, m, i ϕ for Given two Markov processes M = (M , Σ , θ ),    i i i i all ϕ ∈ Φ. We write Φ ϕ if for any M and i, i = 1, 2, a surjective measurable function f : M →  1 M, m, i ϕ whenever M, m, i Φ. A formula or M is a zig-zag if for any m ∈ M and B ∈ Σ ,   2 1 2 set of formulas is satisfiable if there exist an MP M, θ (m)(f −1(B)) = θ (f(m))(B). Such a map is 1 2 m ∈ supp(M) and i that satisfies it. We say that ϕ is essentially a functional version of bisimulation [9]. valid and write  ϕ if ¬ϕ is not satisfiable. Definition 4. A span in a category is a pair of We now present an axiomatization of ML for Marko- morphisms f : A → B and g : A → C with a common vian semantics. The system is a Hilbert-style system consisting of the axioms and rules of propositional 4.1. Definition of Aumann Algebras modal logic and the axioms and rules listed in Table 1. The axioms and the rules are stated for arbitrary Definition 7 (Aumann algebra). An Aumann algebra Q ϕ, ψ ∈ L and arbitrary r, s ∈ 0. (AA) is a structure A = (A, →, ⊥, {Fr}r∈Q0 , ≤) where (A1) ` L0ϕ • (A, →, ⊥, ≤) is a Boolean algebra; (A2) ` Lr> • for each r ∈ Q0, Fr : A → A is a unary (A3) ` Lrϕ → ¬Ls¬ϕ, r + s > 1 operator; and (A4) ` Lr(ϕ ∧ ψ) ∧ Ls(ϕ ∧ ¬ψ) → Lr+sϕ, r + s ≤ 1 • the axioms in Table 2 hold for all a, b ∈ A and

(A5) ¬Lr(ϕ ∧ ψ) ∧ ¬Ls(ϕ ∧ ¬ψ) → ¬Lr+sϕ, r + s ≤ 1 r, s, r1, . . . , rn ∈ Q0. ` ϕ → ψ The Boolean operations ∨, ∧, ¬, and >, are defined (R1) ` Lrϕ → Lrψ from → and ⊥ as usual.

(R2) {Lr1···rnrψ | r < s} ` Lr1···rnsψ Morphisms of Aumann algebras are Boolean alge- bra homomorphisms that commute with the operations Table 1. Axioms of L Fr. The category of Aumann algebras and Aumann algebra homomorphisms is denoted AA. We abbreviate F ··· F a by F a. If Φ ⊆ L and ϕ ∈ L, we write Φ ` ϕ and say that r1 rn r1···rn Φ derives ϕ if ϕ is provable from the axioms and the (AA1) > ≤ F0a extra assumptions Φ. We write ` ϕ if ` ϕ. ∅ (AA2) > ≤ F > A formula or set of formulas is consistent if it cannot r derive ⊥. We say that Φ ⊆ L is maximally consistent (AA3) Fra ≤ ¬Fs¬a, r + s > 1 if it is consistent and it has no proper consistent (AA4) Fr(a ∧ b) ∧ Fs(a ∧ ¬b) ≤ Fr+sa, r + s ≤ 1

extensions. The set Φ is filtered if for all ϕ, ψ ∈ Φ (AA5) ¬Fr(a ∧ b) ∧ ¬Fs(a ∧ ¬b) ≤ ¬Fr+sa, r + s ≤ 1

there exists ρ ∈ Φ with ` ρ → ϕ ∧ ψ. (AA6) a ≤ b ⇒ Fra ≤ Frb The (strong) completeness of this logic is proved in V
(AA7) Fr ···r ra = Fr ···r sa [4, 11] by assuming Lindenbaum’s lemma and using r

LrΦ ` Lrϕ The operator Fr is the algebraic counterpart of the

where LrΦ = {Lrψ | ψ ∈ Φ}. A consequence of our logical modality Lr. The first two axioms state tau- duality theorem is (strong) completeness of ML with tologies, while the third captures the way Fr interacts the axiomatization in Table 1. with negation. Axioms (AA4) and (AA5) assert finite The logical equivalence induced by ML on the additivity, while (AA6) asserts monotonicity. class of MPs coincides with bisimulation equiva- The most interesting axiom is the infinitary axiom lence [9, 10]. The proof requires that the state space (AA7). It asserts that Fr1···rnsa is the greatest lower be an analytic space. bound of the set {Fr1···rnra | r < s} with respect to the natural order ≤. In SMPs, it will imply countable Theorem 6 (Hennessy-Milner). Given two MPs Mi additivity. and mi ∈ supp(Mi), i = 1, 2, (M1, m1) ≈ The following lemma establishes some basic conse- (M2, m2) iff for all ϕ ∈ L, quences. M1, m1  ϕ ⇔ M2, m2  ϕ. Lemma 8. Let A = (A, →, ⊥, {Fr}r∈Q0 , ≤) be an Aumann algebra. For all a, b ∈ A and r, s ∈ Q0, 4. Aumann Algebras (i) Fr⊥ = ⊥ for r > 0; (ii) if r ≤ s, then F a ≤ F a; In this section we introduce an algebraic version of s r (iii) if a ≤ ¬b and r + s > 1, then F a ≤ ¬F b. Markovian logic consisting of Boolean algebra with r s operators Fr for r ∈ Q0 corresponding to the operators As expected, the formulas of Markovian logic mod- Lr of ML. We call this Aumann Algebra (AA) in ulo logical equivalence form a free Aumann algebra honor of Robert Aumann, who has made fundamental that is countable. Define ≡ on formulas by: ϕ ≡ ψ if contributions to probabilistic logic [15]. ` ϕ → ψ and ` ψ → ϕ. Let [ϕ] denote the equivalence class of ϕ modulo ≡, and let L/≡ = {[ϕ] | ϕ ∈ L}. 5.3. Definition of SMP By (R1), the modality Lr is well defined on ≡- classes. The Boolean operators are also well defined Definition 10 (Stone–Markov Process). A Markov by considerations of propositional logic. process M = (M, A, θ) with distinguished base is a Stone–Markov process (SMP) if it is saturated. Theorem 9. The structure The morphisms of SMPs are just the morphisms of

(L/≡, →, [⊥], {Lr}r∈Q0 , ≤) MPs with distinguished base as defined above. is an Aumann algebra, where [ϕ] ≤ [ψ] iff ` ϕ → ψ. The category of SMPs and SMP morphisms is de- noted SMP. 5. Stone Markov Processes 6. Stone Duality In our duality theory, we work with Markov processes constructed from certain zero-dimensional In this section we describe the duality between Hausdorff spaces. We call such structures Stone– SMPs and countable AAs. This is in the spirit of the Markov processes (SMPs). classical Stone representation theorem [18], or, more precisely, the representation theorem of Jonsson and 5.1. MPs with Distinguished Base Tarski [1] for Boolean algebras with operators. Here We restrict our attention to Markov processes the details are somewhat different, as we must deal (M, A, θ), where A is a distinguished countable base with measure theory. of clopen sets that is closed under the set-theoretic Boolean operations and the operations 6.1. From AAs to SMPs Q Fr(A) = {m | θ(m)(A) ≥ r}, r ∈ 0. For this subsection, we fix an arbitrary countable The measurable sets Σ are the Borel sets of the Aumann algebra topology generated by A. Morphisms of such spaces A = (A, →, ⊥, {F } Q , ≤). are required to preserve the distinguished base; thus a r r∈ 0 morphism f : M → N is a continuous function such Let U* be the set of all ultrafilters of A. The classical that Stone construction gives a Boolean algebra of sets • for all m ∈ M and B ∈ ΣN , isomorphic to A with elements −1 θM(m)(f (B)) = θN (f(m))(B); a * = {u ∈ U* | a ∈ u}, a ∈ A −1 L M • for all A ∈ AN , f (A) ∈ AM. A * = { a * | a ∈ A}. L M L M 5.2. Saturation The sets a * generate a Stone topology τ * on U*, and the a * LareM exactly the clopen sets of the topology. Unlike Stone spaces, SMPs are not topologically LetL MF be the set of elements of the form αr = Q compact, but we do postulate a completeness property Ft1···tnra for a ∈ A and t1, . . . , tn, r ∈ 0. As before, that is a weak form of compactness, which we call we consider this term as parameterized by r; that is, r s saturation. One can saturate a given SMP by a com- if α = Ft1···tnra, then α denotes Ft1···tnsa. The set pletion procedure that is reminiscent of Stone–Cechˇ F is countable since A is. Axiom (AA7) asserts all compactification. Intuitively, one adds points to the infinitary conditions of the form structure without changing the represented algebra. An ^ αs = αr. MP is saturated if it is maximal with respect to this (1) operation. r

Now we argue that each Uαs is nowhere dense. In ≤ inf{r | ¬Fra ∈ u} + inf{s | ¬Fsb ∈ u} * s * S r * τ , ¬α is a closed set while rStone space t ≤ r + s. But (U*, τ *) and every subspace of a zero-dimensional (resp. Hausdorff) is again so, we obtain the following ¬Fra ∧ ¬Fsb = ¬Fr((a ∨ b) ∧ a) ∧ ¬Fs((a ∨ b) ∧ ¬a) result. ≤ ¬Fr+s(a ∨ b) by (AA5),

Proposition 13. The space (U, τ) is a zero- thus ¬Fr+s(a ∨ b) ∈ u, and t ≤ r + s follows from dimensional Hausdorff space. the characterization of Lemma 14. The inequality in the opposite direction is similar, Since the space of ultrafilters is compact in the using (AA4). We need to show presence of the bad ultrafilters and a * is a clopen for any a ∈ A, there exist finite setsL MC0 ⊆ F and inf{t | ¬Ft(a ∨ b) ∈ u} ≥ sup{r + s | Fra ∧ Fsb ∈ u}; S0 ⊆ Q ∩ [0, 1] and j ∈ N such that that is, if ¬F (a ∨ b) ∈ u and F a ∧ F b ∈ u, then t r s \ \ s rα s * * t ≥ r + s. But ¬α ∨ α ∩ bj = ∅, α∈C0 s∈S0L M L M Fra ∧ Fsb = Fr((a ∨ b) ∧ a) ∧ Fs((a ∨ b) ∧ ¬a) or in other words, ≤ Fr+s(a ∨ b) by (AA4), [ [ s * rα s * thus Fr+s(a ∨ b) ∈ u, and again r + s ≤ t by Lemma bj ⊆ α ∧ ¬α L M L M 14. α∈C0 s∈S0 _ _ s The following is the key technical lemma where we = (αrα ∧ ¬αs) *

use the fact that we have removed the bad ultrafilters. Lα∈C0 s∈S0 M Lemma 16. For u ∈ U, θ(u) is continuous from above Thus in the Boolean algebra A, at ∅ relatively to the field A . _ _ s L M b ≤ (αrα ∧ ¬αs). Proof: We prove that if u ∈ U (it is a good j (5) T α∈C0 s∈S0 ultrafilter) and b0 ≥ b1 ≥ · · · with i bi = ∅, then L M Consequently, inf θ(u)( bi ) = 0. i L M _ _ rs s Consider the countable set F of elements of the form θ(u)( bj ) ≤ θ(u)( (α α ∧ ¬α ) ) r L M Lα∈C0 s∈S0 M α = Ft1···tnra for a ∈ A and rational t1, . . . , tn, r ≥ X X s 0, parameterized by r. If r < s, then αs ≤ αr. Using ≤ θ(u)( αrα ∧ ¬αs )

(AA4), α∈C0 s∈S0 L M r s r s X X s θ(u)( α ∧ ¬α ) ≤ θ(u)( α ) − θ(u)( α ). (2) ≤ εϕ ≤ ε. L M L M L M α∈C0 s∈S0 r s Since u is good, Ftα ∈ u for all r < s iff Ftα ∈ u, therefore As ε > 0 was arbitrary, infi θ(u)( bi ) = 0. L M s r Since A is a field, the previous results and the θ(u)( α ) = inf θ(u)( α ). (3) L M u ∈ U L M r 0 be an arbitrarily small positive number. function θ(u) can be uniquely extended to a measure For each α ∈ F and s ∈ Q , choose εs > 0 such that on the σ-algebra Σ generated by A . 0 α L M P P εs = ε. By (2) and (3), we can choose Now we are ready to prove that M(A) is a Stone α∈F s∈Q0 α s Markov process. rα < s such that s s rα s rα s s Theorem 17. If A is a countable Aumann algebra, θ(u)( α ∧ ¬α ) ≤ θ(u)( α ) − θ(u)( α ) ≤ εα. L M L M L M then M(A) = (U, A , θ) is a Stone Markov process. T T * The assumption i bi = ∅ implies that i bi L M contains only bad ultrafilters.L M The set of good ultrafil-L M Proof: We first prove that the space of good ul- ters is trafilters is analytic. Since any second-countable Stone ! space is Polish, the set of all ultrafilters (good and \ \ [ ¬αr * ∪ αs * . (4) bad) is Polish. The good ultrafilters form a Borel set in the space of all ultrafilters—in fact, a G Borel set α∈F s∈Q0 r

6.4. Duality We present the previous results in a more categorical format. The categories of Aumann algebras (AA) and In this section we summarize the previous results in Stone Markov processes (SMP) were defined in §4 the form of the duality theorem. and §5, respectively. Theorem 21 (Duality Theorem). We define contravariant functors A : SMP → AAop and : AA → SMPop. The functor on an (i) Any countable Aumann algebra A is isomorphic M A object M produces the Aumann algebra (M) defined to ( (A)) via the map β : A → ( (A)) A A M A M in Theorem 20. On arrows f : M → N we define defined by A(f) = f −1 : A(N ) → A(M). It is well known that β(a) = {u ∈ supp(M(A)) | a ∈ u} = a . this is a Boolean algebra homomorphism. It is also L M easy to verify from the definition of morphisms in the 7. Related Work category SMP (Definition 10) that it is an Aumann algebra homomorphism. Stone duality in semantics originates with the pi- To see this explicitly, let A ∈ AN . We wish to show oneering work of Plotkin [19] and Smyth [20] who that discovered a Stone-type duality between Dijkstra’s −1 N M −1 predicate-transformer semantics and state-transformer f (Fr (A)) = Fr (f (A)). semantics. Kozen [21] developed the probabilistic ana- Using the fact that logue of this duality. The theory of Stone-type dualities for transition −1 θN (f(m))(A) = θM(m)(f (A)), systems has been investigated at length by Bonsangue and Kurz [22]. There have been many recent investiga- we have tions of Stone-type dualities in logic and computation. −1 N N Recent very interesting work by Jacobs [23] has ex- m ∈ f (Fr (A)) ⇔ f(m) ∈ Fr (A) plored convex dualities for probability and quantum ⇔ θ (f(m))(A) ≥ r N mechanics. −1 ⇔ θM(m)(f (A)) ≥ r Duality theory for LMPs was discussed by Mislove M −1 * ⇔ m ∈ Fr (f (A)). et al. [24] which is based on Gelfand duality for C - algebras. This is very interesting work but in rather a op The functor M : AA → SMP on an object A different direction from the present work which is very gives the Stone–Markov process M(A) defined in The- much in the spirit of logics for Markov processes and orem 17. On morphisms h : A → B, it maps ultrafilters is related to bisimulation and its logical characteriza- to ultrafilters by M(h) = h−1 : M(B) → M(A); that tion [9]. By contrast, the work of Mislove et al. [24] is, is related to testing.

−1 The most closely related work to ours is the work M(h)(u) = h (u) = {A ∈ AN | h(A) ∈ u}. by Goldblatt [3] on the role of the Baire cateogry theorem on completeness proofs and even more closely Another way to view M(h) is by composition, recalling that an ultrafilter can be identified with a homomor- his work on deduction systems [6] for coalgebras. The phism u : A → 2 by u = {a | u(a) = 1}. In this main difference between his work and ours is that we view, have eliminated some of the infinitary axioms that he uses, though we still retain one and, of course, we have M(h)(u) = u ◦ h, developed a duality rather than just a completeness theorem. He uses one of his infinitary axioms in order where ◦ denotes function composition. to show countable additivity of the measures that he We know from classical Stone duality that this is defines; this is what we have been able to eliminate by continuous. We need to verify that it is a morphism. our use of the Rasiowa–Sikorski lemma to eliminate It suffices to verify it on sets of the form a as these the bad ultrafilters; as far as we know this is a new generate the σ-algebra. Because h is a homomorphism,L M idea. we calculate as follows:

−1 8. Conclusions θB(u)(M(h) ( a )) = sup{r | Fr(h(a)) ∈ u} L M = sup{r | h(Fr(a)) ∈ u} As promised we have proved a duality theorem

= {r | u(h(Fr(a))) = 1} between Stone-Markov processes and Aumann alge- bras which subsumes and extends the completeness = {r | Fr(a) ∈ M(h)(u)} theorems in the literature. Our treatment improves on = θA(M(h)(u)( a )). L M the existing axiomatizations as well. The following novel features appear in our proof: Theorem 22. The functors M and A define a dual equivalence of categories. 1) We have to remove ultrafilters that fail to satisfy a key infinitary axiom and we have to show that A this does not change anything which we do by SMP AAop showing that these are “rare” in a topological M sense (meager). 2) As a result, the usual compactness for Stone The proof is given in the full version. spaces fails and we need a new concept, which we call saturation, instead. [10] P. Panangaden, Labelled Markov Processes. Imperial 3) We have to establish the relevant measure the- College Press, 2009. oretic properties of the Markov kernels that we [11] R. Mardare, L. Cardelli, and K. G. Larsen, “Continu- construct from the algebras, which again uses the ous markovian logics - axiomatization and quantified Baire category theorem in a crucial way. metatheory,” Logical Methods in Computer Science, 4) We define our Markov processes with a dis- vol. 8, no. 4, 2012. tinguished base and use this to constrain the morphisms in order to get the duality. [12] C. Zhou. and M. Ying, “Approximation of markov processes through filtration,” Theoretical Computer Sci- There are many variations one can imagine explor- ence, p. in press, Jan 2012. ing. Perhaps the most interesting one is to consider more general measure spaces and work with different [13] E.-E. Doberkat, Stochastic Relations. Foundations for bisimulation notions [25] that apply more generally. Markov Transition Systems. New York: Chapman and Hall, 2007. Our treatment is not fully localic and perhaps some of the topological subtleties of the present proof would [14] K. G. Larsen and A. Skou, “Bisimulation through prob- disappear once we adopted a more localic point of ablistic testing,” Information and Computation, vol. 94, view. pp. 1–28, 1991.

[15] R. Aumann, “Interactive epistemology I: knowledge, Acknowledgments II probability,” International Journal of Game Theory, vol. 28, pp. 263–314, 1999. We would like to thank Jean Goubault-Larrecq, Ernst-Erich Doberkat, Robert Goldblatt and Larry [16] A. Heifetz and P. Mongin, “Probability logic for type Moss for helpful discussions. We would like to thank spaces,” Games and Economic Behavior, vol. 35, no. the reviewers for their insightful comments. 1-2, pp. 31–53, April 2001. [17] R. Fagin and J. Y. Halpern, “Reasoning about knowl- References edge and probability,” Journal of the ACM, vol. 41, no. 2, pp. 340–367, 1994. [1]B.J onsson´ and A. Tarski, “Boolean algebras with operators I,” American Journal of Mathematics, vol. 73, [18] M. H. Stone, “The theory of representations for boolean pp. 891–939, 1951. algebras,” Trans. Amer. Math. Soc., vol. 40, pp. 37–111, 1936. [2] L. Cardelli, K. G. Larsen, and R. Mardare, “Continuous markovian logic - from complete axiomatization to the [19] G. D. Plotkin, “Lecture notes on domain theory,” 1983, metric space of formulas,” in CSL, 2011, pp. 144–158. available from his home page as The Pisa Notes.

[3] R. Goldblatt, “On the role of the Baire category theo- [20] M. Smyth, “Powerdomains and predicate transformers,” rem in the foundations of logic,” Journal of Symbolic in ICALP, J. Diaz, Ed. Springer-Verlag, 1983, pp. 662– logic, pp. 412–422, 1985. 676, lecture Notes In Computer Science 154.

[4] C. Zhou, “A complete deductive system for probability [21] D. Kozen, “A probabilistic PDL,” Journal of Computer logic with application to Harsanyi type spaces,” Ph.D. and Systems Sciences, vol. 30, no. 2, pp. 162–178, dissertation, Indiana University, 2007. 1985.

[5] H. Rasiowa and R. Sikorski, “A proof of the complete- [22] M. M. Bonsangue and A. Kurz, “Duality for logics of ness theorem of Godel,”¨ Fund. Math, vol. 37, pp. 193– transition systems.” in FoSSaCS, 2005, pp. 455–469. 200, 1950. [23] B. Jacobs, “Probabilities, distribution monads, and con- [6] R. Goldblatt, “Deduction systems for coalgebras over vex categories,” Theor. Comput. Sci., vol. 412, no. 28, measurable spaces,” Journal of Logic and Computation, pp. 3323–3336, 2011. vol. 20, no. 5, pp. 1069–1100, 2010. [24] M. Mislove, J. Ouaknine, D. Pavlovic, and J. Wor- [7] P. Billingsley, Probability and Measure. Wiley- rell, “Duality for labelled Markov processes,” in Interscience, 1995. FOSSACS, ser. Lecture Notes In Computer Science, I. Walukiewicz, Ed., vol. 2987, 2004, pp. 393–407. [8] R. M. Dudley, Real Analysis and Probability. Wadsworth and Brookes/Cole, 1989. [25] V. Danos, J. Desharnais, F. Laviolette, and P. Panan- [9] J. Desharnais, A. Edalat, and P. Panangaden, “Bisimu- gaden, “Bisimulation and cocongruence for probabilis- lation for labeled Markov processes,” Information and tic systems,” Information and Computation, vol. 204, Computation, vol. 179, no. 2, pp. 163–193, Dec 2002. no. 4, pp. 503–523, 2006.