Closure Hyperdoctrines, with paths Davide Castelnovo Department of Mathematics, Computer Science and Physics, University of Udine, Italy [email protected] Marino Miculan Department of Mathematics, Computer Science and Physics, University of Udine, Italy [email protected]

Abstract (Pre)closure spaces are a generalization of topological spaces covering also the notion of neighbourhood in discrete structures, widely used to model and reason about spatial aspects of distributed systems. In this paper we introduce an abstract theoretical framework for the systematic investigation of the logical aspects of closure spaces. To this end, we introduce the notion of closure (hyper)doctrines, i.e. doctrines endowed with inflationary operators (and subject to suitable conditions). The generality and effectiveness of this concept is witnessed by many examples arising naturally from topological spaces, fuzzy sets, algebraic structures, coalgebras, and covering at once also known cases such as Kripke frames and probabilistic frames (i.e., Markov chains). Then, we show how spatial logical constructs concerning surroundedness and reachability can be interpreted by endowing hyperdoctrines with a general notion of paths. By leveraging general categorical constructions, we provide axiomat- isations and sound and complete semantics for various fragments of logics for closure operators. Therefore, closure hyperdoctrines are useful both for refining and improving the theory of existing spatial logics, but especially for the definition of new spatial logics for new applications.

2012 ACM Subject Classification Theory of computation → Modal and temporal logics

Keywords and phrases categorical logic, topological semantics, closure operators, spatial logic.

Funding Marino Miculan: Supported by the Italian MIUR project PRIN 2017FTXR7S IT MAT- TERS (Methods and Tools for Trustworthy Smart Systems).

1 Introduction

Recently, much attention has been devoted in Computer Science to systems distributed in physical space; a typical example is provided by the so called collective adaptive systems, such as drone swarms, sensor networks, autonomic vehicles, etc. This arises the problem of how to model and reason formally about spatial aspects of distributed systems. To this end, several researchers have advocated the use of spatial logics, i.e. modal logics whose modalities are interpreted using topological concepts of neighbourhood and connectivity.1 In fact, the interpretation of modal logics in topological spaces goes back to Tarski; we refer to [1] for a comprehensive discussion of variants and computability and complexity aspects. More recently, Ciancia et al. [8, 9] extended this approach to preclosure spaces, also called Čech closure spaces, which generalise topological spaces by not requiring idempotence arXiv:2007.04213v2 [cs.LO] 31 Dec 2020 of closure operator. This generalization unifies the notions of neighbourhood arising from topological spaces and from quasi-discrete closure spaces, like those induced by graphs and images. Building on this generalization, [8] introduced Spatial Logic for Closure Spaces (SLCS), a modal logic for the specification and verification on spatial concepts over preclosure spaces. This logic features a closure modality and a spatial until modality: intuitively φUψ holds in an area where φ holds and it is not possible to “escape” from it unless passing

1 Not to be confused with spatial logics for reasoning on the structure of agents, such as the Ambient Logic [7] or the Brane Logic [29]. 2 Closure Hyperdoctrines, with paths

through an area where ψ holds. There is also a surrounded constructor, to represent a notion of (un)reachability. SLCS has been proved to be quite effective and expressive, as it has been applied to reachability problems, vehicular movement, digital image analysis (e.g., street maps, radiological images [5]), etc. The model checking problem for this logic over finite quasi-discrete structures is decidable in linear time [8]. Despite these results, an axiomatisation for SLCS is still missing. Moreover, it is not obvious how to extend this logic to other spaces with closure operators, such as probab- ilistic automata (e.g. Markov chains). Also, it is not immediate how current definitions of reachability can be generalized to other cases, e.g., within a given number of steps, or non-deterministic, or probabilistic, etc. In fact, the main point is that we miss an abstract theoretical framework for investigating the logical aspects of (pre)closure spaces. Such a framework would be the basis for analysing spatial logics like SLCS, but also for developing further extensions and applications thereof. In this paper, we aim to build such a framework. To this end, we introduce the new notion of closure (hyper)doctrine as the theoretical basis for studying the logical aspects of closure spaces. Doctrines were introduced by Lawvere [23] as a general way for endowing (the objects of) a category with logical notions from a suitable 2-category E, which can be the category of Heyting algebras in the case of intuitionistic logic, of Boolean algebras in the case of classical logic, etc.. Along this line, in order to capture the logical aspects of closure spaces we introduce the notion of closure operators on doctrines, that is, families of inflationary morphisms over objects of E (subject to suitable conditions); a closure (hyper)doctrine is a (hyper)doctrine endowed with a closure operator. These structures arise from many common situations: we provide many examples ranging from topology to algebraic structures, from coalgebras to fuzzy sets. These examples cover the usual cases from literature (e.g., graphs, quasi-discrete spaces, (pre)topological spaces) but include also new settings, such as categories of coalgebras and probabilistic frames (i.e., Markov chains). Then, leveraging general machinery from categorical logic, we introduce a first order logic for closure spaces for which we provide an axiomatisation and a sound and complete categorical semantics. The propositional fragment corresponds to the SLCS from [8]. Within this framework, we can accommodate also the notion of surroundedness of properties, in order to model spatial operators like SLCS’s S [9]. Actually, surroundedness is not a structural property of the logical domain (differently from closure operators); rather, it depends on the kind of paths we choose to explore the space. To this end, we introduce the notion of closure doctrine with paths. Again, the foundational approach we follow allows for many kinds of paths, and hence many notions of surroundedness. Overall, the importance of this work is twofold: on one hand, closure hyperdoctrines (with paths) are useful for analysing and improving the theory of existing spatial logics; in particular, the proposed axiomatisation can enable both new proof methodologies and minimisation techniques. On the other, closure hyperdoctrines are useful for the definition of new logics in various situations where we have to deal with closure operators, connectivity, surroundedness, reachability, etc. Synopsis The paper is organized as follows. In Section 2 we recall (hyper)doctrines and introduce the key notion of closure doctrine. Many examples of closure doctrines are provided in Section 3. In Section 4 we introduce logics for closure operators, together with a sound and complete semantics in closure hyperdoctrines. Then, in order to cover the notion of surroundedness, we introduce the notion of closure doctrine with paths (Section 5) and the corresponding logics with the “surrounded” operator (Section 6). Conclusions and directions for future work are in Section 7. Longer proofs are in Appendix A. D. Castelnovo, M. Miculan 3

2 Closure (hyper)doctrines 2.1 Kinds of doctrines In this section we recall the notion of elementary hyperdoctrine, due to Lawvere [23, 24]. The development of semantics of logics in this context or in the equivalent fibrational context is well established; we refer the reader to, e.g., [17, 28, 31].

I Definition 2.1 ((Existential) Doctrine, Hyperdoctrine [21, 27, 30]). A primary doctrine or simply a doctrine on a category C is a functor P : Cop → InfSL where InfSL is the category of finite meet semilattices. A primary doctrine is existential if: C has finite products;

the image PπC of any projection πC : C × D → C admits a left adjoint ∃πC ; πC0 D × C0 C0

for each pullback like aside, the Beck-Chevalley 1D × f f

condition ∃πC0 ◦ P1D ×f = Pf ◦ ∃πC holds; D × C C πC

for any α ∈ P (C) and β ∈ P (D × C) the Frobenius reciprocity ∃πC (PπC (α) ∧ β) =

α ∧ ∃πC (β) holds. A hyperdoctrine is an existential doctrine P such that: P factors through the category HA of Heyting algebras and Heyting algebras morphisms;

for all projections πC : D × C → C, PπC has a right adjoint ∀πC : P (D × C) → P (C)

which must satisfy the Beck-Chevalley condition: ∀πC0 ◦ P1D ×f = Pf ◦ ∀πC for any f : C0 → C. A primary doctrine, an existential doctrine or a hyperdoctrine, is elementary if C has finite products; for each object C there exists a fibered equality δC ∈ P (C × C) such that

P(π1,π2)(−) ∧ P(π2,π3)(δC ) a P1D ×∆C

where π1, π2 and π3 are projections D × C × C → D × C. This left adjoint will be denoted

by ∃1D ×∆C

I Remark 2.2. Usually C is required to having finite products even in the case of a primary doctrine (cfr. [30]), we will not ask it in order to get the coalgebraic examples in Section 3.

I Remark 2.3. Since C has a terminal object it follows that Pπ1 (−) ∧ δC a P∆C . This left adjoint will be denoted by ∃∆C . I Remark 2.4. In this paper, we work with hyperdoctrines over HA, the category of Heyting algebras and their morphisms; hence the resulting logic is inherently intuitionistic. Clearly, all the development still holds if we restrict ourselves to the subcategory of Boolean algebras BA, yielding a classical version of the logic.

I Example 2.5. Let C be a category with finite limits and (E, M ) a stable and proper factorization system on it (see [20]). Fix an object C ∈ C we define a relation on arrows in M with codomain C putting m ≤ n if and only if there exists t such that n ◦ t = m. If we ignore size issues this gives us a preorder, from which we get a partial order M -SubC(C) by quotienting by the relation m ' n if and only if m ≤ n and n ≤ m. The top element 4 Closure Hyperdoctrines, with paths

is [1C ], while meets are given by pullbacks, and we can pullback any m along any arrow f : D → C getting an arrow f ∗m in M with codomain D. Summarizing we have a functor op C → InfSL sending C to M -SubC(C). This is actually an elementary existential doctrine in which δC is the class of the diagonal C → C × C (which can be shown to be an element

of M ) and ∃πC ([m]) is the M -component of πC ◦ m, in the sense that it is the class of n ∈ M such that n ◦ e = πC ◦ m for some e ∈ E (see [16] for the correspondence between factorization systems and elementary existential doctrines). In general this functor is very far from having Heyting algebras as values but this is the case when C is a topos and M the class of all monomorphisms; in this case we get an elementary hyperdoctrine [25]. If we want M to be the class of all monos we have the following theorem.

I Theorem 2.6. If C has finite limits then SubC is an elementary existetial doctrine if and only if C is regular.

Proof. Cfr. [17], theorem 4.4.4. J

op I Proposition 2.7. Let P : C → InfSL be an existential doctrine, D a category with finite products and F : D → C a product preserving functor. Then, P ◦ F op is a existential doctrine. If P is elementary (resp., a hyperdoctrine) then P ◦ F op is elementary (resp., a hyperdoctrine).

Proof. See proof on page 24. J

op I Proposition 2.8. Let P : C → HA be an elementary existential doctrine. For every arrow f : C → D, the functor Pf has a left adjoint ∃f that satisfies the Frobenius reciprocity: ∃f (Pf (β) ∧ α) = β ∧ ∃f (α). If P is a hyperdoctrine then Pf has a right adjoint ∀f too.

Proof. See proof on page 25. J

I Remark 2.9. In general these adjoints do not satisfy any form of Beck-Chevalley condition [10, 17, 26, 33].

op op I Definition 2.10. Let P : C → InfSL, S : D → InfSL be primary doctrines. A morphism P → S is a pair (F , η) where F : C → D is a functor and η : P → S ◦ F op is a natural transformation. (F , η) is a morphism of elementary doctrines, or elementary, if F preserves finite

products and for any object C of C, it is ηC×C (δC ) = S(F (π1),F (π2))(δF (C)). (F , η) is a morphism of existential doctrine if F preserves finite products and for any pair of objects C,D of C the diagram (a) below commutes.

∃π ∀π P (D × C) C P (C) P (D × C) C P (C) ηD×C ηD×C

S(F (D × C)) ηC S(F (D × C)) ηC

S(F (πD ),F (πC )) S(F (πD ),F (πC )) ∃πF (C) ∀πF (C) S(F (D) × F (C)) S(F (D)) S(F (D) × F (C)) S(F (D)) (a) (b)

(F , η) is a morphism of hyperdoctrines if it is a morphism of existential doctrine, the diagram (b) above commutes too and each component of η preserves finite suprema and implication. D. Castelnovo, M. Miculan 5

If (F, η) is also elementary then we call it a morphism of elementary existential doctrines or of elementary hyperdoctrines. Let (F , η), (G, ): P → S be two morphisms; a 2-arrow (F , η) → (G, ) is a natural transformations θ : F → G such that ηC (α) ≤ SθC (C (α)). This defines the 2-categories PD, ED, HD of primary doctrines, existential doctrines and hyperdoctrines, and the subcategories EPD, EED, EHD of their elementary variants.

2.2 Closure operators on doctrines In this section we introduce the key notion of closure operators on doctrines.

I Definition 2.11. Let P be a doctrine. A closure operator on P is a (possibly large) family c = {cC }C∈Ob(C) of functions cC : P (C) → P (C) such that: for any object C, cC is monotone and inflationary, i.e., 1P (C) ≤ cC any arrow f : C → D is continuous, i.e.

cC ◦ Pf ≤ Pf ◦ cD

A closure operator c is said to be

grounded if cC (⊥) = ⊥ for all objects C such that P (C) has a minimum; additive if

cC (α ∨ β) = cC (α) ∨ cC (β)

for all objects C such that P (C) has binary suprema; finitely additive if it is grounded and additive; full additive if _ _ cC ( αi) = cC (αi) i∈I i∈I for all I 6= ∅ and C such that P (C) has I-indexed suprema; idempotent if cC ◦ cC = cC for all object C. A closure doctrine is a pair (P , c) where P is a primary doctrine and c a closure operator on it. We say that (P , c) is elementary, existential, or a hyperdoctrine, if P is.

I Example 2.12. Lawvere-Tierney topologies on a topos provide examples of idempotent closure operators on the elementary hyperdoctrine of subobjects [6, 19, 25].

I Remark 2.13. Full additivity does not imply groundedness since we explicitly ask for preservation of suprema indexed on non empty set.

I Proposition 2.14. Let P ∈ EED be an elementary existential doctrine and c a closure operator on it; then, for any f : C → D, continuity of f is equivalent to ∃f ◦ cC ≤ cD ◦ ∃f .

Proof. See proof on page 27. J

If we think of a morphism of (primary, existential, elementary, hyper)doctrines (F , η): P → Q as a ‘translation’ of ‘types’ and ‘predicates’ then, when closure operators are available, it is natural to ask for this ‘translation’ to take place in a continuous way. 6 Closure Hyperdoctrines, with paths

I Definition 2.15. A morphism of closure (elementary, existential, hyper)doctrines (F , η): (P , c) → (Q , d) is a morphism of (elementary, existential, hyper)doctrines F : P → Q such that η is continuous, i.e., for all C:

dF (C) ◦ ηC ≤ ηC ◦ cC We say that (F , η) is open if equality holds for all the objects C.A 2-cell θ :(F , η) → (G, ) is defined as in the case of doctrines. In this way we get the 2-categories cPD, cED, cHD of closure doctrines, closure existential doctrines, closure hyperdoctrines and the subcategories cEPD, cEED, cEHD of their elementary variants.

3 Examples of closure hyperdoctrines 3.1 Topological examples As a first class of examples, we introduce three closure hyperdoctrines starting from the usual category Top of topological spaces and continuous maps. The first one corresponds to the closure spaces used in, e.g., [8, 9, 13].

I Definition 3.1. The category PrTop of pretopological spaces (or closure spaces) is the category in which: objects are pairs (X, c) of a set X and a monotone function c : P(X) → P(X) such that

1P(X) ≤ c and c preserves finite (even empty) suprema; −1 an arrow f :(X, cX ) → (Y, cY ) is a function f : X → Y such that f :(P (Y ), cY ) → (P (X), cX ) is continuous. Another example is given by so called convergence spaces (cfr. [11]).

I Definition 3.2. For any set X let Fil(X) be the set of proper filters (i.e., ∅ is not among them) on it. The category FC of filter convergence spaces is the category in which: an object is a pair (X, qX ) given by a set X and a function qX : X → P(Fil(X)) such that, for any x ∈ X, qX (x) is upward closed and x˙ := {A ⊂ X | x ∈ A} belongs to qX (x). an arrow f :(X, qx) → (Y, qY ) is a function f : X → Y such that the filter f(F ) generated by the images of F ’s elements belongs to qY (f(x)) whenever F ∈ qX (x).

I Proposition 3.3. The obvious forgetful functors from Top, PrTop and FC to Set pre- serves finite products.

Proof. For Top it is clear, for the other two categories see [11, Ch.3]. J By Proposition 2.7 and the previous one, we have three elementary hyperdoctrines P t : Topop → HA P p : PrTopop → HA P f : FCop → HA which we now endow with closure operators.

I Definition 3.4. We define the following closure operators: t 1. the Kuratowski closure operator k = {k(X,θ)}(X,θ)∈Ob(Top) on P where k(X,θ) is the closure operator associated with the topology θ; p 2. the Čech closure operator c = {c(X,c)}(X,c)∈Ob(PrTop) on P where c(X,c) is just c; f 3. the Katětov closure operator k = {k(X,qX )}(X,qX)∈Ob(FC) on P where

k(X,qX ) : P(X) → P(X)

A 7→ {x ∈ X | ∃F ∈ qX (x).A ∈ F } D. Castelnovo, M. Miculan 7

I Proposition 3.5 ([11], chapter 3). 1. k, c and k are grounded and additive closure operat- ors, moreover k is idempotent. j 2. There exists a sequence of inclusion functors Top −→i PrTop −→ FC each of which has a left adjoint. (i,η) (j ,) 3. We have a sequence (P t, k) −−−→ (P p, c) −−−→ (P f , k) of morphisms in cEHD where η and  have identities as components.

Proof. See proof on page 27. J For many other examples of closure operators on topological spaces we refer the interested reader to [11].

3.2 Algebraic examples

I Proposition 3.6. prop Let Grp be the category of groups and CRing that of commutative, unital rings (where we require that f(1A) = 1B for any f : A → B). Then, SubGrp and SubCRing are elementary existential doctrines.

Proof. This follows at once from theorem 2.6. J

I Remark 3.7. Notice that, even if SubGrp(G) and SubCRing(A) admit finite suprema for any group G or commutative ring A with unity, preimages do not preserve them in general: for instance they do not preserve the bottom subobject. Then SubGrp or SubCRing cannot be universal doctrines. The following examples are taken from [11].

I Definition 3.8 (Groups). The normal closure on a group G is given by

νG : SubGrp(G) → SubGrp(G) \ H 7→ {N ≤ G | H ≤ N E G} where we have chosen the image of a monomorphism as a canonical representative of it.

I Proposition 3.9. The family previous defined forms a closure operators ν on SubGrpthat is idempotent, fully additive and grounded.

Proof. See proof on page 27. J

I Definition 3.10 (Rings). Let A be a unital commutative ring and B a subring, we define intA(B) to be the integral closure of B:

intA(B) := {a ∈ A | p(a) = 0 for some p ∈ B[x]}

Again we are denoting a subobject by the image of any representative of it.

I Proposition 3.11. For any A intA is a function SubCRing(A) → SubCRing(A), moreover the family of this functions forms an idempotent closure operator int.

Proof. See proof on page 27. J 8 Closure Hyperdoctrines, with paths

3.3 A representable example

op I Theorem 3.12. For any complete Heyting algebra H, the functor Set(−,H): Set → HA is an elementary hyperdoctrine.

Proof. This is example 2.2 in [32]. Explicitly we have

δX : X × X → [0, 1] ∃πX (f): X → H ∀πX (f): X → H ( _ ^ 0 x 6= y x 7→ f(x, y) x 7→ f(x, y) (x, y) 7→ y∈Y y∈Y 1 x = y

J

op I Corollary 3.13. Set(−, [0, 1]) : Set → HA is an elementary hyperdoctrine on Set.

I Definition 3.14. For any fixed real  ≥ 0, and any set X we define, for an f : X → [0, 1] we define

cX,(f): X → [0, 1] +˙ : [0, 1] × [0, 1] → [0, 1] where x 7→ f(x)+˙  (t, s) 7→ max(t + s, 1)

In this way we get a function

cX, : Set(X, [0, 1]) → Set(X, [0, 1])

f 7→ cX,(f)

I Proposition 3.15. For any  ≥ 0, the collection c of all the functions cX, is a closure operator.

Proof. See proof on page 27. J

I Remark 3.16. c is not grounded if  6= 0 (in that case it reduces to the discrete closure operator) but it is additive.

3.4 Fuzzy sets We can refine the previous example considering fuzzy sets.

I Definition 3.17. The category Fzs of fuzzy sets has: pairs (A, α) with α : A → [0, 1] as objects; as arrows f :(A, α) → (B, β) functions f : A → B such that α(x) ≤ β(f(x)).

I Definition 3.18. A fuzzy subset of (A, α) is a function ξ : A → [0, 1] such that ξ(x) ≤ α(x) for all x ∈ A. Let us summarize some results about Fzs.

I Proposition 3.19. 1. Fzs is a quasitopos; 2. there exists a proper and stable factorization system given by strong monomorphisms and epimorphisms; 3. fuzzy subsets of (A, α) correspond to equivalence of strong monomorphisms of codomain (A, α); D. Castelnovo, M. Miculan 9

4. the functor

Fzsop → HA (A, α) 7−→ FzSub(A, α) −→ f f ∗ −→ (B, β) 7−→ FzSub(B, β) where FzSub(A, α) is the set of fuzzy subsets of (A, α) and

f ∗(ξ): A → [0, 1] x 7→ α(x) ∧ ξ(f(x))

for any ξ ∈ FzSub(B, β), is an elementary hyperdoctrine. Proof. See [34, Ch. 8]. Explicitly the hyperdoctrine structure is given by:

∃f (ξ): B → [0, 1] ∀f (ξ): B → [0, 1] _ ^ y 7→ ξ(x) y 7→ β(y) ∧ (α(x) ⇒ ξ(x)) x∈f −1(y) x∈f −1(y) for any f :(A, α) → (B, β) and ξ ∈ FzSub(A, α). J

I Remark 3.20. Implication in [0, 1] is given by: ( 1 t ≤ s t ⇒ s = s s < t

Moreover the fibered equality for a fuzzy set (A, α) must be ∃∆(A,α) (α), i.e.:

δ(A,α) : A × A → [0, 1] ( α(x) x = y (x, y) 7→ 0 x 6= y

Notice that in Fzs, (A, α) × (B, β) is (A × B, α ∧ β).

I Proposition 3.21. Let E = {(A,α)}(A,α)∈Ob(Fzs) be a family of functions (A,α) :(A, α) → [0, 1] such that, for any f :(A, α) → (B, β)

(A,α)(x) ≤ (B,β)(f(x)) then, we get an additive closure operator on FzSub defined as follows:

E c(A,α) : FzSub(A, α) → FzSub(A, α)

ξ 7→ (ξ + (A,α)) ∧ α

Proof. See proof on page 27. J

I Remark 3.22. cE is not grounded in general. The condition on the elements of E is very restrictive. In fact, it can be eased restricting to a suitable subclass of arrows and using the following lemma. 10 Closure Hyperdoctrines, with paths

op I Lemma 3.23. Let P : C → InfSL be a doctrine, and c = {cC : P (C) → P (C)}C∈Ob(C) be a family of monotone and inflationary operators. Let A be a (possibly large) family of C-arrows such that: A is closed under composition; if f ∈ A then 1dom(A) and 1cod(A) are in A; f : C → D in A implies cC ◦ Pf ≤ Pf ◦ cD. A Then induces a doctrine on the subcategory C induced by for which c = {cC } P P A A C∈Ob(CA ) is a closure operator. Moreover, if for all f, g in A also (f, g) and the projections from cod(f) × cod(g) are in A, then P A is existential, elementary or an hyperdoctrine if P is. Proof. This is almost tautological since the condition on A guarantee that the inclusion functor CA preserves limits and we can use Proposition 2.7. J

3.5 Coalgebraic examples

I Definition 3.24 ([18, 22]). Let C be a category with finite products and F : C → C an endofunctor. The category CoAlg(F ) of coalgebras for F has arrows γC : C → F (C) as objects; arrows f : C → D such that γD ◦ f = F (f) ◦ γC as morphisms f : γC → γD. Notice that in general CoAlg(F ) is not complete and products in it can be very different from products in C [15], so it does not make much sense to look for an existential doctrine on it. However, for Set-based coalgebras we get a primary doctrine P c : CoAlg(F )op → InfSL composing the contravariant power object P : Setop → InfSL with the opposite of the obvious forgetful functor CoAlg(F ) → Set.

I Definition 3.25. Let F : C → C be a functor and P a primary doctrine on C.A predicate op lifting is a natural transformation  : U ◦ P → U ◦ P ◦ F where U is the forgetful functor InfSL → Poset.

c Let  be a predicate lifting. We define two closure operators on P . c 1. For any coalgebra γX : X → F (X), notice that P (γX ) = P (X); hence we can define

preγX : P (X) → P (X)

α 7→ α ∨ PγX (X (α))

2. Suppose that P admits arbitrary meets; for γX : X → F (X) and α ∈ P (X) we define

NγX (α) := {β ∈ P (X) | α ≤ PγX (X (β))} ^ sγX (α) := β

β∈NγX (α)

sucγX : P (X) → P (X)

α 7→ α ∨ sγX (α)

I Lemma 3.26. Let F : C → C be a functor and  a predicate lifting, then: c 1. {preγX }γX ∈Ob(CoAlg(F )) defines a closure operator pre on P .

2. sγX (α) is the minimum of NγX (α) whenever P has arbitrary meets and, for any coalgebra

γX : X → F (X), PγX and X commute with them; 3. in the hypothesis above if Pf commutes with arbitrary meets for all arrows f then c {sucγX }γX ∈Ob(CoAlg(F )) defines a closure operators suc on P .

Proof. See proof on page 28. J D. Castelnovo, M. Miculan 11

The previous result provides us with many examples with practical applications.

I Example 3.27 (Kripke frames). Let P : Set → Set be the covariant powerset functor, and P : Setop → InfSL be the controvariant one, seen as primary doctrine. We can define a predicate lifting  taking as components:

X : P (X) → P (P(X)) A 7→ ↓A where ↓A denotes the set of downward-closed subsets of A. In this case for any coalgebra γX : X → P(X) we have

−1 x ∈ γX (X (A)) ⇐⇒ γX (x) ⊂ A

B ∈ NγX (A) ⇐⇒ γX (a) ⊂ B for any a ∈ A S S so sγX (A) = a∈A γX (a) and sucγX (A) = A ∪ a∈A γX (a). By this description it is clear that suc is grounded and fully additive. pre is grounded too but it is not even finitely additive: take 4 := {0, 1, 2, 3} with stuctural map γ4 given by

0 7→ {3} 1 7→ {2, 3} 2 7→ {2} 3 7→ {3}

Now take A := {2, 3}, it is immediate to see that preγ4 (A) = 4, on the other hand preγ4 ({2}) =

{2} and preγ4 ({3}) = {0, 3}. I Remark 3.28. In this case, pre and suc meanings (and notation) become clearer: if we think to the value of γX (x) as the family of points accessible from x ∈ X then preγX adds to a subset A the set of its predecessors, i.e. points from which some a ∈ A is accessible, while sucγX adds the set of successors, i.e. points which are accessible from some point of A.

I Example 3.29 (Probabilistic frames [3, 4, 14]). Let Meas be the category of measurable space and measurable functions; then we can take as primary doctrine P the functor

(X, ΩX ) 7−→ ΩX −→ −→ f f −1

(Y, ΩY ) 7−→ ΩY

As endofunctor we can take the Giry monad G : Meas → Meas: given an object (X, ΩX ), G(X, ΩX ) is the set

{µ :ΩX → [0, 1] | µ is a probabilty measure on ΩX }

equipped with the smallest σ-algebra for which all the evaluation functions

evA : G(X, ΩX ) → [0, 1] µ 7→ µ(A)

with A ∈ ΩX , are Borel-measureable. for a measurable f :(X, ΩX ) → (Y, ΩY ),

G(f): G(X, ΩX ) → G(Y, ΩY ) µ 7→ µ ◦ f −1 12 Closure Hyperdoctrines, with paths

(For the measurability of G(f) notice that given a Borel subset L of [0, 1] and A ∈ ΩY we −1 have that µ ∈ G(f) (evA(L)) ⇐⇒ µ ∈ evf −1(A)(L))

For a coalgebra γ(X,ΩX ) and p ∈ [0, 1] we define

(X,ΩX ),p :ΩX → P(G(X)) A 7→ {µ ∈ G(X, ΩX ) | µ(A) ≥ p}

−1 notice that the set on the right is evA ([p, 1]) and so (X,ΩX ),p is well defined. In this situation we have

preγ (A) := A ∪ {x ∈ X | p ≤ γ(X,ΩX )(x)(A)} (X,ΩX )

I Remark 3.30. If we think of a coalgebra γ(X,ΩX ) as describing how likely is a transition from a state to the various A ∈ ΩX then, given a p ∈ [0, 1], preγ (A) is the set of points (X,ΩX ) which access A with probability at least p.

4 Logics for Closure Operators

In this section, we provide a sound and complete logic for closure hyperdoctrines. This logic is a (first order) version of Spatial Logic for Closure Spaces (SLCS) [9], although with a slightly different presentation.

4.1 Syntax and derivation rules We briefly recall the categorical presentation of signatures, as in [17].

I Definition 4.1. A signature Σ is a triple (|Σ| , Γ, Π) where |Σ| is a set, called the set of basic types; Γ is a functor2 |Σ|? × |Σ| → Sets. We will call function symbol an element f of Γ((σ1, . . . , σn), σn+1) and we will write f : σ, . . . , σn →, σn+1; ? Π is a functor |Σ| → Set, we will call predicate symbol an element P of Π(σ1, . . . , σn) and we will write P : σ1, . . . , σn. A morphism of signatures φ :Σ1 → Σ2 is a triple (φ1, φ2, φ3) such that φ1 is a function |Σ1| → |Σ2|; ? φ2 is a natural transformation Γ1 → Γ2 ◦ (φ1 × φ1); ? φ3 is a natural transformation Π1 → Π2 ◦ φ1. For any σ ∈ |Σ| we fix an countably infinite set Xσ of variables; definition of terms is straightforward ([17]).

I Definition 4.2. Given a signature Σ, its classifying category Cl(Σ) is such that objects are contexts; n m Given Γ := [xi : σi]i=1 and ∆ = [yi : τi]i=1 an arrow Γ → ∆ is a m-uple of terms (T1, ..., Tm) such that Γ ` Ti : τi for any i; composition is given by substitution.

I Proposition 4.3. Cl(Σ) is a category with finite products for any signature Σ.

Proof. See proof on page 29. J

2 |Σ| and |Σ|? are viewed here as discrete categories. D. Castelnovo, M. Miculan 13

Now we can introduce the rules for context and closure operators of the Spatial Logic for Closure Spaces, over any given signature. As usual, we denote by Γ ` t : τ the judgment “t has type τ in context Γ”, and by Γ ` φ : Prop the judgment “φ is a well-formed formula in context Γ”.

I Definition 4.4. The rules for contexts and well-formed formulae for the closure operators for a signature Σ are the usual ones for a first order signature (see [17]) plus:

Γ ` φ : Prop Γ ` φ : Prop Γ ` ψ : Prop C-F U-F Γ ` C(φ): Prop Γ ` φUψ : Prop

For any context Γ we define FormΣ(Γ) to be the set of formulae φ such that Γ ` φ : Prop.

Then, we can introduce the rules for the logical judgments of the form Γ | Φ ` φ, where Φ is a finite set of propositions well-formed in Γ.

I Definition 4.5. We define four rules for the well-formed formulae previously defined: C’s rules:

Γ | Φ ` ψ Γ | Φ, ψ ` φ Cl-1 Cl-2 Γ | Φ ` C(ψ) Γ | Φ, C(ψ) ` C(φ)

U’s rules Γ | Φ, ϕ ` φ Γ | Φ, C(ϕ), ¬φ ` ψ U-I Γ | Φ, ϕ ` φUψ for all φ such that Γ ` ϕ : Prop :Γ | Φ, ϕ ⇒ φ, (C(ϕ) ∧ ¬ϕ) ⇒ ψ, ϕ ` θ U-E Γ | Φ, φUψ ` θ

The Propositional Logic for Closure Operators on Σ (PLCO) is given by the usual propositional rules (i.e., without the quantifiers) for the typed (intuitionistic) sequent calculus (see e.g. [17]), extended with the four rules above. The First Order Logic for Closure Operators on Σ (FOLCO) is given by the four rules above added to the usual rules for first order logic. Similarily with equality. Derivability of sequents is defined in the usual way [31].

I Remark 4.6. PLCO corresponds to the Spatial Logic for Closure Spaces considered in [8]. I Remark 4.7. Notice that U-E is an infinitary rule saying that a formula θ can be derived from φUψ if it can be derived from all the formulae ϕ satisfying precise conditions. Thus, this rule shows the second-order nature of the U operator.

4.2 Categorical semantics of closure logics In this section we provide a sound and complete categorical semantics of the logics for the closure operators defined above.

I Definition 4.8. Two formulae φ, ψ ∈ FormΣ(Γ) are provably equivalent if Γ | ψ ` φ and Γ | φ ` ψ. We will denote the quotient of FormΣ(Γ) by this relation with L(Σ)(Γ), [φ] will denote the class of φ in it.

I Proposition 4.9. For any signature Σ the following are true: 1. L(Σ)(Γ) equipped with the order [φ] ≤ [ψ] if and only if Γ | φ ` ψ is derivable is: 14 Closure Hyperdoctrines, with paths

a meet semilattice in the case we are considering regular logic; a Heyting algebra if we are considering propositional or first order logic; 2. [φUψ] is the supremum of the set

uΓ(φ, ψ) := {[ϕ] ∈ L(Σ)(Γ) such that Γ | ϕ ` φ, Γ | C(ϕ), ¬ϕ ` ψ}

3. there exists a (elementary) closure or existential doctrine or a (elementary) hyperdoctrine (L(Σ), cΣ) on Cl(Σ) sending Γ to L(Σ)(Γ).

Proof. 1. The logical connectives induce a Heyting algebra or a meet semilattice structure on L(Σ)(Γ) which has precisely ≤ as associated order.

2. From U-I follows that [φUψ] is an upper bound for uΓ while U-E implies that [φUψ] is the least of them.

3. For any morphism (T1, ..., Tn):Γ → ∆ substitution of terms gives us a morphism of Heyting algebras/meet semilattices L(Σ)(∆) → L(Σ)(Γ); quantifiers gives us the existential doctrine/hyperdoctrine structure (cfr. [31] for the details). In any case have to define a preclosure operator cΣ,Γ on each L(Σ)(Γ) but this is easily done defining

cΣ,Γ : L(Σ)(Γ) → L(Σ)(Γ) [φ] 7→ [C(φ)]

The C’s rules assure us that cΣ is well defined, inflationary and monotone, while an easy induction shows that

L(Σ)(T1,...,Tn)([C(φ)]) = cΣ,Γ(L(Σ)(T1,...,Tn)(φ))

for any (T1, ..., Tn):Γ → ∆. We can add fibered equalities, given Γ := [xi : σi] putting:

n ^ δΓ×Γ := [xi =σi yi] i=1

n where {yi}i=1 is a set of fresh variables such that yi : σi for any i. J Let us prove the soundness and completeness of the categorical semantics wrt. the various logical fragments.

op I Definition 4.10. Let (P , c): C → InfSL be an (elementary) closure doctrine (existential doctrine/hyperdoctrine) then a morphism of cPD (cED, cEED, cEHD, cHD) (M , µ): (L(Σ), C) → (P c) is a model of the propositional (first-order) logic (with equality) of closure operators in (P , c) if it is open. A sequent Γ | Φ ` ψ is satisfied by (M , µ) if ^ µΓ(φ) ≤ µΓ(ψ) φ∈Φ

I Theorem 4.11. A sequent Γ | Φ ` ψ is satisfied by the generic model (1Cl(Σ), 1L(Σ)) if and only if it is derivable.

Proof. By definition, Γ | Φ ` ψ is satisfied if and only if ^ [φ] ≤ [ψ] φ∈Φ D. Castelnovo, M. Miculan 15 in L(Σ)(Γ) but this is equivalent to the derivability of ^ Γ | φ ` ψ φ∈Φ whose derivability is equivalent (applying the conjunction rules a finite number of times) to Γ | Φ ` ψ, and we are done. J

I Corollary 4.12. The above defined categorical semantics for PLCO or FOLCO (with or without equality) is sound and complete. Proof. The only thing left to show is soundness for an arbitrary (P , c) but this follows at once since each component µΓ of µ is monotone. J

4.3 About the semantics of U As we have remarked before, the rule U-E for the operator U is infinitary. Although in general this is needed, in this section we will define a class of hyperdoctrines in which the semantics of U can be given as a supremum of approximants. op I Definition 4.13. Let (P , c): C → InfSL be a closure doctrine that factors through the category of Heyting algebras. For any object C define the external boundary:

+ ∂C : P (C) → P (C)

α 7→ cC (α) ∧ ¬α

For φ and ψ ∈ P (C), we define φUC ψ ∈ P (C) as the supremum, if it exists, of the set + uC (φ, ψ) := {ϕ ∈ P (C) | ϕ ≤ φ and ∂C (ϕ) ≤ ψ}

I Remark 4.14. If P is L(Σ) then [φ]UΓ[ψ] = [φUψ] for any [φ] and [ψ] ∈ L(Σ)(Γ).

I Remark 4.15. If (M , µ) is a model then µΓ(uΓ(φ, ψ)) ⊂ uM (Γ)(µΓ([φ]), µΓ([ψ])) for any Γ. p I Example 4.16. Let (X, c) be a pretopological space and S, T ∈ P (X, c), then

[ + SU(X,c)T = {W ⊂ S | ∂(X,c)(W ) ⊂ T }

+ i.e. x ∈ SU(X,c)T if and only if there exists W ⊂ S such that X ∈ W and ∂(X,c)(W ) ⊂ T .

I Example 4.17. Let us consider the closure operator c on Set(−, [0, 1]) (see Section 3.3). For any f : X → [0, 1], it is (¬f)(x) = 1 if and only if f(x) = 0. So, (  f(x) = 0 (cX,(f) ∧ ¬f)(x) = , 0 f(x) 6= 0 hence, given g, h : X → [0, 1], f ∈ uΓ(g, h) if and only if f ≤ g and h(x) ≥  for any x ∈ f −1(0).

I Remark 4.18. If (M , µ) is a model then for any [ϕ] ∈ L(Σ)(Γ) such that ϕ ∈ uΓ(φ, ψ) we have µΓ([ϕ]) ≤ µΓ([φUψ]).

I Definition 4.19. Let (P , c) be as in Definition 4.13. A model (M , µ): L(Σ) → (P , c) is said continuous if the equality

µΓ([φUψ]) = µΓ([φ])UM (Γ)µΓ([ψ]) holds for any context Γ and [φ], [ψ] ∈ L(Σ)(Γ). 16 Closure Hyperdoctrines, with paths

I Proposition 4.20. Let Σ be a signature and (P , c) a complete (elementary, existential, or hyper)doctrine, i.e. P (C) is complete for any object C of C; then, for any product preserving functor: M : Cl(Σ) → C and functions

∗ µΓ : Π(σ1, ..., σn) → P (M (Γ))

n for all Γ = [xi : σi]i=1, there exists a unique continuous model (M , µ) in (P , c) such that

∗ µΓ([P (x1, ..., xn)]) = µΓ(P )

Proof. This follows immediately by induction. J

I Example 4.21. Let X = {(Xi, ci)}i∈I be a small family of pretopological spaces and let us define Σ as follows:

n Y |Σ| := X Γ(((Xi1 , ci1 ), ..., (Xin , cin )), (Xj, cj)) := PrTop( (Xik , cik ), (Xj, cj)) k=1 n Y Π((Xi1 , ci1 ), ..., (Xin , cin )) := P( Xik ) k=1 We can take as M the unique product preserving functor Cl(Σ) → PrTop such that

(Xi, ci) 7−→ (Xi, ci) −→ −→ f f

(Xi, ci) 7−→ (Xi, ci)

i.e., M sends contexts to products and lists of terms to the corresponding product arrow. ∗ We can define µ sending each predicate P :(Xi1 , ci1 ), ..., (Xin , cin ) to corresponding subset Qn of k=1 (Xik , cik ). Example 4.16 guarantees that this semantics is the same as the one developed in [8].

I Proposition 4.22. For any signature Σ a sequent is derivable if and only if it is satisfied by any continuous model.

Proof. This follows immediately by the fact that the generic model is continuous. J

4.4 Higher order SLCS We can provide an analogous of the above results for higher order logic.

I Definition 4.23. A higher order signature Σ is a triple (|Σ| , Prop, Γ) where |Σ| is a set, called the set of basic types; Prop ∈ |Σ|; Γ: |Σ|? × |Σ| → Sets is a functor, we will call function symbol an element f of Γ((σ1, ..., σn), σn+1) and we will write f : σ, ...σn →, σn+1. A morphism of signature φ :Σ1 → Σ2 is a couple (φ1, φ2) such that φ1 is a function |Σ1| → |Σ2| such taht φ1(Prop1) = Prop2; ? φ2 is a natural transformation Γ1 → Γ2 ◦ (φ1 × φ1). For any σ ∈ |Σ| we fix an countably infinite set Xσ of variables

I Definition 4.24. We define the set of types Type(Σ) as the smallest set such that: |Σ| ∪ {1} ⊂ Type(Σ); D. Castelnovo, M. Miculan 17

if σ and τ ∈ Type(Σ) then σ × τ and σ → τ ∈ Type(Σ). The introduction and elimination rules for product and exponent type and the rules for contexts are the usual ones ([17]), like before we must add to them the following two:

Γ ` φ : Prop Γ ` φ : Prop Γ ` ψ : Prop C-F U-F Γ ` C(φ): Prop Γ ` φUψ : Prop

I Remark 4.25. Notice that now φ : Prop doesn’t mean that φ is well-formed but that it is a term of type Prop.

I Definition 4.26. Terms are constructed and typed in the usual way ([17], given two types σ and τ, the set of terms from σ to τ Term(σ, τ) is the quotient of the set of terms T such that x : σ ` T : τ modulo provable equality, where equality is subjected to the following rules ([17] ):

Γ, v : σ ` M : τ Γ: N : σ Γ ` M : σ → τ β-Con η-Con Γ ` λv : σ.M(N) =τ M[N|v] Γ ` λv : σ.M(v) =σ→τ M Γ ` M : 1 Γ ` P : σ × τ

Γ ` M =1 () Γ ` (πσ(P ), πτ (P )) =σ×τ P Γ ` M : σ Γ ` N : τ Γ ` M : σ Γ ` N : τ

Γ ` πσ(M,N) =σ M Γ ` πτ (M,N) =τ N

I Definition 4.27. Given an higher order signature Σ, its classifying category is the category HoCl(Σ) in which the set of objects is Type(Σ); a morphism σ → τ is just an element of Term(σ, τ); composition is given by substitution.

I Proposition 4.28. For any higher order signature Σ, HoCl(Σ) is a cartesian closed category.

Proof. See proof on page 29. J

I Definition 4.29. The higher order spatial logic for closure spaces on a signature Σ is the typed intuitionistic sequent calculus built on Σ with the same rules of Definition 4.5.

I Lemma 4.30. For any higher order signature Σ the following are true: 1. (Term(−, Prop), cΣ) is a closure hyperdoctrine; 2. for any φ, ψ ∈ Term(σ, Prop)

[φ] ≤ [ψ] ⇐⇒ x : σ | φ ` ψ

Proof. See proof on page 30. J op I Definition 4.31. Let (P , c): C → HA be a closure hyperdoctrine with P isomorphic to C(−,C) with C cartesian closed. Then, a morphism of cEHD

(M , µ):(Term(−, Prop), cΣ) → (P , c) is a model of SLCS in P if: M (Prop) ' C; 18 Closure Hyperdoctrines, with paths

M preserves exponentials; (M , µ) is open. A sequent x : σ | Φ ` ψ is satisfied by (M , µ) if ^ µσ([φ]) ≤ µσ([ψ]). φ∈Φ

I Theorem 4.32. A sequent Γ | Φ ` ψ is satisfied by the generic model given by the identities (1HoCl(Σ), 1Term(−,Prop)) if and only if it is derivable.

Proof. By definition, x : σ | Φ ` ψ is satisfied if and only if ^ [φ] ≤ [ψ] φ∈Φ

in Term(σ, Prop) but this is equivalent to the derivability of ^ x : σ | φ ` ψ φ∈Φ

but the derivability of it is equivalent (applying the rules of conjunction a finite number of times) to

x : σ | Φ ` ψ

and we are done. J

I Corollary 4.33. The categorical semantics of higher order SLCS is sound and complete. Proof. The only thing left to show is soundness for an arbitrary (P , c) in cEHD with P representable functor on a cartesian closed category, but this follows at once since each component of µ is monotone. J

I Remark 4.34. We can repeat verbatim the considerations of subsection 4.3 in order to get a completeness result for continuous models.

5 Paths in closure doctrines

Often, in spatial logics we are interested also on reachability of some property. Differently from closure and the “until” operator, reachability is not a structural property of the logical domain; rather, it depends on the kind of paths we choose to explore the space. In this section we formalise this idea, and show how to interpret also the S operator from SLCS.

5.1 The reachability closure operator

op I Definition 5.1. Let P : C → HA be an hyperdoctrine, an internal preorder in P is a pair (I, ρ) where I is an object of C and ρ ∈ P (I × I) which satisfy: reflexivivty: δI ≤ ρ;

transitivity: P(π1,π2)(ρ) ∧ P(π2,π3)(ρ) ≤ P(π1,π3)(ρ)

(I, ρ) is called an internal order if in addition ρ is antisymmetric, i.e. ρ ∧ P(π2,π1)(ρ) ≤ δI .

Moreover (I, ρ) is total if ρ ∨ P(π2,π1)(ρ) = >. A internal monotone arrow f :(I, ρ) → (J, σ) is an arrow of C such that ρ ≤ Pf×f (σ). D. Castelnovo, M. Miculan 19

op I Definition 5.2. Let (P , c): C → HA be an elementary existential closure doctrine, we say that φ ∈ P (C) is connected if ϕ ∨ ψ = φ and c(ϕ) ∧ ψ = ⊥ imply ϕ = ⊥. An object C is P -connected if > ∈ P (C) is connected.

I Definition 5.3. Given a preorder (I, ρ) in an elementary existential doctrine P and α ∈ P (I) we define the downward and upward closure of α as

↓ α := ∃π1 (Pπ2 (α) ∧ ρ) ↑ α := ∃π2 (Pπ1 (α) ∧ ρ)

We define the reachability operator reach as the family of functions, indexed over the objects:

reachC : P (C) → P (C) _ ϕ 7→ ϕ ∨ ∃p(↑ Pp(ϕ)). p∈C(I,C)

op I Proposition 5.4. Given P : C → InfSL in EED and (I, ρ) an internal preorder in it, reach = {reachC }C∈Ob(C) is a grounded closure operator on P . If, moreover, P is an hyperdoctrine, reach is fully additive.

Proof. See proof on page 31. J

I Example 5.5. In Set, for any non empty I we have that, for any set X: ( XS 6= ∅ reachX (S) = ∅ S = ∅

p I Example 5.6. Take the elementary hyperdoctrine P on PrTop (Definition 3.4) and fix an n ∈ N, as an internal order we can take n = {0, 1, ..., n − 1} with the closure operator

n : P(n) → P(n) S 7→ {i ∈ n | n = s + 1 for some s ∈ S} and the usual ordering ≤ as ρ. An arrow p :(I, n) → (X, c) is just a function such that

n(p−1(S)) ≤ p−1(c(S)) that is, p(i + 1) ∈ c({p(i)}). So, for instance

reach(N,n)(S) = {k ∈ N | k = s + n for some s ∈ S} where n : P(N) → P(N) is defined as for n.

5.2 Surroundedness In this section we will introduce a surrounded operator (similar to the “until” operator of temporal logic) in order to generalize the analogous operator introduced in [9].

I Definition 5.7. Let (I, ρ) be an internal order in an elementary existential closure doctrine (P , c), let φ and ψ ∈ P (C). We say that an arrow p : I → C is an escape route from φ avoiding ψ if

1. at some point in p, φ holds: ∃!I (Pp(φ)) = >; 2. from the points where φ holds we can reach a point where ¬φ holds: Pp(φ) ≤ ↓Pp(¬φ); 20 Closure Hyperdoctrines, with paths

3. there is no point reachable from φ and which reaches ¬φ along the route, where ψ holds: ↑ Pp(φ)∧ ↓ Pp(¬φ) ∧ Pp(ψ) = ⊥. We will denote with EscRC (φ, ψ) the set of such arrows. We also define _ ^ φEC ψ := ∃p(>) φSC ψ := φ ∧ ¬(∃p(>))

p∈EscRC (φ,ψ) p∈EscRC (φ,ψ)

Intuitively, φEC ψ (read “φ escapes ψ”) holds where φ holds and it is possible to escape avoiding ψ; conversely, φSC ψ (read “φ is surrounded by ψ”) holds where φ holds and it is not possible to escape from it without avoiding ψ. Notice that these notions depend on the specific choice of the internal order (I, ρ), hence we can deal with different reachability, with different shapes of escape routes, by choosing the adequate internal order.

I Example 5.8 (cfr. [9]). Let us consider the closure hyperdoctrine on pretopological spaces (P p, c) as in Definition 3.4. In this case an internal order is just an ordered set (I, ≤) equipped with a closure operator. Given S and T subsets of a chosen (X, c), then

p ∈ EscR(X,c)(S, T ) if and only if 1. p−1(S) 6= ∅; 2. for any t such that p(t) ∈ S there exists an s ≥ t with p(s) ∈/ S; 3. p(t) ∈/ T for any t ∈ I for which there exist s and v ∈ I such that p(s) ∈ A, p(v) ∈ T and s ≤ t ≤ v.

x ∈ SE(X,c)T if and only if there exists a continuous p : I → X, t, s ∈ I such that t ≤ s, p(t) = x, p(s) ∈/ S and for any pair (u, v) ∈≤ with p(u) ∈ S and p(v) ∈ T there are no w between u and v such that p(w) ∈ T .

x ∈ SS(X,c)T if and only if x ∈ S and for any continuous p : I → X such that p(t) = x for some t ∈ I, p∈ / EscR(X,c)(S, T ). Therefore, this situation corresponds to the surround operator defined in [9].

I Theorem 5.9. Let (P , c) be a boolean elementary closure hyperdoctrine, (I, ρ) a preorder in it with I P -connected and such that, for all γ ∈ P (I), cI (γ) ∧ ¬γ ≤↑ γ. Then, for any φ and ψ ∈ P (C): 1. if α ∈ uC (φ, ψ) and p ∈ EscRC (φ, ψ) then Pp(α) = ⊥; 2. φUC ψ ≤ φSC ψ.

Proof. See proof on page 31. J

6 Logics for closure hyperdoctrines with paths

In this section we extend the logics for closure hyperdoctrines we have introduced in Section 4, with formulae constructor for reasoning about sourroundedness and reachability.

6.1 Syntax and derivation rules

I Definition 6.1. A signature with paths is a triple Σ = (Σ, ι, R) where Σ is a signature as per Definition 4.1; ι ∈ |Σ| is called the interval type; R : ι, ι is called the preorder of ι

A morphism φ : (Σ1, ι1,R1) → (Σ2, ι2,R2) is a morphism of signature (φ1, φ2, φ3) such that φ1(ι1) = ι2 and φ3ι,ι(R1) = R2. D. Castelnovo, M. Miculan 21

I Remark 6.2. Signatures with paths and their morphisms with componentwise composition form a category SignPath.

I Definition 6.3. We add the following rule of well formation to the logic for the closure operators (Definition 4.4):

Γ ` φ : Prop Γ ` ψ : Prop S-F Γ ` φSψ : Prop

I Definition 6.4. Given a signature (Σ, ι, R), its classifying category is the category Cl(Σ, ι, R) is just Cl(Σ).

I Definition 6.5. We define the following rules for the well-formed formulae previously defined: R’s rules:

Γ, x : ι, y : ι | Φ ` x =ι y R-Refl Γ, x : ι, y : ι | Φ ` R(x, y) Γ, x : ι, y : ι | Φ ` R(x, y)Γ, y : ι, z : ι | Φ ` R(y, z) R-Trans Γ, x : ι, z : ι | Φ ` R(x, z)

S’s rules:

for all p : ι → σ, Γ, x : σ | Φ, ϕ ` isERΓ,x:σ(p, φ, ψ) ∧ φ ∧ ¬∃t : ι.(x =σ p(t)) S-I Γ, x : σ | Φ, ϕ ` φSψ

Γ, x : σ | Φ ` isERΓ,x:σ(p, φ, ψ) S-E Γ, x : σ | Φ, φSψ ` φ ∧ ¬∃t : ι.(x =σ p(t))

where

isERΓ,x:σ(p, φ, ψ) := (∃t : ι.φ[p(t)/x]) ∧ (φ[p(t)/x] ⇒ ∃s : ι.(R(t, s) ∧ ¬φ[p(s)/x])) ∧ ¬(∃s : ι.(R(s, t) ∧ φ[p(s)/x]) ∧ ∃v : ι.(R(t, v) ∧ ¬φ[p(v)/x]) ∧ ψ[p(t)/x])

The Propositional Logic for Closure Operators with Paths on Σ (PLCOwP) is given by PLCO (Definition 4.5) extended with the rules above. Similarly for the First Order Logic for Closure Operators with Paths on Σ (FOLCOwP). Derivability of sequents is defined in the usual way ([31]).

6.2 Categorical semantics of closure logics with paths op I Definition 6.6. Given an elementary closure hyperdoctrine (P , c): C → HA and an internal preorder (I, ρ), we will call the pair ((P , c), (I, ρ)) an elementary path hyperdoctrine. An arrow of path hyperdoctrines ((P , c), (I, ρ)) → ((S, d), (J, σ)) is a morphism (F , η) ∈ cEHD((P , c), (S, d)) such that there exists an isomorphism h : F (I) → J for which

ηI×I (ρ) = S(h◦F (π1),h◦F (π2))(σ) We say that (F , η) is open if it is as arrow (P , c) → (S, d) Clearly this defines a 2-subcategory pEHD of cEHD. 22 Closure Hyperdoctrines, with paths

I Proposition 6.7. For any signature (Σ, ι, R), (L(Σ), (ι, R)) is a path hyperdoctrine. Proof. We have only to show that (ι, R) is an internal preorder but this follows at once from the two R’s rules. J

I Definition 6.8. Let ((P , c)(I, ρ)) be a path hyperdoctrine. Then, a model of closure logic with paths in it is just an open morphism

(M , µ) : ((L(Σ), cΣ), (ι, R) → ((P , c), (I, ρ)) Satisfability of sequents is defined as in the case of closure logics (Definition 4.10).

I Remark 6.9. As for U we have not put any requirement on the interpretation of S, but, in (L(Σ), cΣ), for Γ ` φ : Prop and Γ ` ψ : Prop we have

[φSψ] = [φ]SΓ[ψ] so we can again ask for continuous models, i.e. models that preserves this equality.

I Theorem 6.10. A sequent Γ | Φ ` ψ is satisfied by the generic model (1Cl(Σ), 1L(Σ)) if and only if it is derivable.

Proof. The proof is the same as for Theorem 4.11. J

I Corollary 6.11. The above defined categorical semantics for PLCOwP/RLCOwP/FOL- COwP (with or without equality) is sound and complete.

7 Conclusions and future work

In this paper we have introduced closure (hyper)doctrines as a theoretical framework for studying the logical aspects of closure spaces. First we have shown the generality of this notion by means of a wide range of examples arising naturally from topological spaces, fuzzy sets, algebraic structures, coalgebras, and covering at once also known cases such as Kripke frames and probabilistic frames. Then, we have applied this framework to provide the first axiomatisation and sound and complete categorical semantics for various fragments of a logic for closure doctrines. In particular, the propositional fragment corresponds to the Spatial Logic for Closure Spaces [8], a modal logic for the specification and verification on spatial properties over preclosure spaces. But the flexibility of our approach allows us to readily obtain closure logics for a wide range of cases (including all the examples presented above). Finally, we have extended closure hyperdoctrines with a notion of paths. This allows us to provide sound and complete logical derivation rules also for the “surroundedness”, thus covering all the logical constructs of SLCS (including “reachability”). Albeit already quite general, the theory presented in this paper paves the way for several extensions. We can enrich the logic with other spatial modalities, e.g., the spatial counterparts of the various temporal modalities of CTL* [12]. It could be interesting to investigate a spatial logic with fixed points a la µ-calculus; to interpret such a logic, we could consider closure hyperdoctrines over Löb algebras. Moreover, it would be interesting to develop some “generic” model checking algorithm for spatial logic. The abstraction provided by the categorical approach can guide the generalization of existing model checking algorithms, such as [8], and suggest new proof methodologies and minimisation techniques. On a different direction, we are interested in the type theory induced by closure hyperdoc- trines. A Curry-Howard isomorphism would yield a functional programming language with constructors for spatial aspects, which would be very useful in collective spatial programming, e.g. for collective adaptive systems. D. Castelnovo, M. Miculan 23

References 1 M. Aiello, I. Pratt-Hartmann, and J. van Benthem, editors. Handbook of Spatial Logics. Springer, 2007. 2 M. Atiyah. Introduction to commutative algebra. CRC Press, 2018. 3 T. Avery. Codensity and the giry monad. Journal of Pure and Applied Algebra, 220(3):1229– 1251, 2016. 4 G. Bacci and M. Miculan. Structural operational semantics for continuous state stochastic transition systems. Journal of Computer and System Sciences, 81(5):834–858, 2015. 5 G. Belmonte, V. Ciancia, D. Latella, and M. Massink. Innovating medical image analysis via spatial logics. In From Software Engineering to Formal Methods and Tools, and Back, volume 11865 of Lecture Notes in Computer Science, pages 85–109. Springer, 2019. 6 B. Biering. Dialectica interpretations: a categorical analysis. PhD thesis, IT University of Copenhagen, 2008. 7 L. Cardelli and A. D. Gordon. Anytime, anywhere: Modal logics for mobile ambients. In Proc. POPL, pages 365–377. ACM, 2000. 8 V. Ciancia, D. Latella, M. Loreti, and M. Massink. Specifying and verifying properties of space. In IFIP International Conference on Theoretical Computer Science, pages 222–235. Springer, 2014. 9 V. Ciancia, D. Latella, M. Loreti, and M. Massink. Spatial logic and spatial model checking for closure spaces. In International School on Formal Methods for the Design of Computer, Communication and Software Systems, pages 156–201. Springer, 2016. 10 D. Čubrić. On the semantics of the universal quantifier. Annals of Pure and Applied Logic, 87(3):209–239, 1997. 11 D. Dikranjan and W. Tholen. Categorical structure of closure operators: with applications to topology, algebra and discrete mathematics, volume 346. Springer Science & Business, 2013. 12 E. A. Emerson and J. Y. Halpern. “sometimes” and “not never” revisited: on branching versus linear time temporal logic. Journal of the ACM (JACM), 33(1):151–178, 1986. 13 A. Galton. A generalized topological view of motion in discrete space. Theoretical Computer Science, 305(1-3):111–134, 2003. 14 M. Giry. A categorical approach to probability theory. In Categorical aspects of topology and analysis, pages 68–85. Springer, 1982. 15 H. P. Gumm and T. Schröder. Products of coalgebras. Algebra Universalis, 46:163–185, 2001. 16 J. Hughes and B. Jacobs. Factorization systems and fibrations: Toward a fibred birkhoff variety theorem. Electronic Notes in Theoretical Computer Science, 69:156–182, 2003. 17 B. Jacobs. Categorical logic and type theory, volume 141. Elsevier, 1999. 18 B. Jacobs. Introduction to Coalgebra, volume 59. Cambridge University Press, 2017. 19 P. T. Johnstone. Sketches of an elephant: A topos theory compendium, vol. 2. OUP, 2002. 20 G. M. Kelly. A note on relations relative to a factorization system. In Category Theory, pages 249–261. Springer, 1991. 21 A. Kock and G. E. Reyes. Doctrines in categorical logic. In Studies in Logic and the Foundations of Mathematics, volume 90, pages 283–313. Elsevier, 1977. 22 C. Kupke and D. Pattinson. Coalgebraic semantics of modal logics: an overview. Theoretical Computer Science, 412(38):5070–5094, 2011. 23 F. W. Lawvere. Adjointness in foundations. Dialectica, 23(3-4):281–296, 1969. 24 F. W. Lawvere. Equality in hyperdoctrines and comprehension schema as an adjoint functor. Applications of Categorical Algebra, 17:1–14, 1970. 25 S. MacLane and I. Moerdijk. Sheaves in geometry and logic: A first introduction to topos theory. Springer Science & Business Media, 2012. 26 M. E. Maietti, F. Pasquali, and G. Rosolini. Triposes, exact completions, and Hilbert’s ε-operator. Tbilisi Mathematical Journal, 10(3):141–166, 2017. 27 M. E. Maietti and G. Rosolini. Quotient completion for the foundation of constructive mathematics. Logica Universalis, 7(3):371–402, 2013. 24 Closure Hyperdoctrines, with paths

28 M. Makkai and G. E. Reyes. First order categorical logic: model-theoretical methods in the theory of topoi and related categories, volume 611. Springer, 2006. 29 M. Miculan and G. Bacci. Modal logics for brane calculus. In Proc. CMSB, volume 4210 of Lecture Notes in Computer Science, pages 1–16. Springer, 2006. 30 F. Pasquali. A co-free construction for elementary doctrines. Applied Categorical Structures, 23(1):29–41, 2015. 31 A. M. Pitts. Categorical logic. Technical report, University of Cambridge, 1995. 32 A. M. Pitts. Tripos theory in retrospect. Mathematical structures in computer science, 12(3):265–279, 2002. 33 R. A. G. Seely. Hyperdoctrines, natural deduction and the Beck condition. Mathematical Logic Quarterly, 29(10):505–542, 1983. 34 O. Wyler. Lecture notes on topoi and quasitopoi. World Scientific, 1991.

A Omitted proofs

Proof of Proposition 2.7. We have to show that PF (πD ) has a left adjoint for any projection πD : E × D → D but this follows at once since the horizontal arrow in the diagram P (F (D))

PF (πD ) PπF (D)

P (F (E × D)) P (F (E) × F (D)) P(F (πE ),F (πD ))

is an isomorphism, hence

∃πD = ∃πF (D) ◦ P(F (πE ),F (πD ))

The same argument shows the existence of right adjoint to PF (πD ) anytime they exist for

PπF (D) :

∀πD = ∀πF (D) ◦ P(F (πE ),F (πD ))

Let f : D0 → D be an arrow in D, the two Beck-Chevalley conditions follow from the commutativity of P (F (E × D)) PF (πD )

P(F (πE ),F (πD ))

PπF (D) P (F (E) × F (D)) P (F (D))

PF (1E ×f) P1F (E)×F (f) PF (f)

P (F (E) × F (D0)) P (F (D0)) PπF (D0)

P(F (πE ),F (πD ))

P (π 0 ) P (F (E × D0)) F D D. Castelnovo, M. Miculan 25 and the fact that both the upper and the lower vertical arrow are isomorphisms since F preserves products. For Frobenius reciprocity:

∃F (πD )(PF (πD )(α) ∧ β) = ∃πF (D) (P(F (πE ),F (πD ))(PF (πD )(α) ∧ β))

= ∃πF (D) (PπF (D) (α) ∧ P(F (πE ),F (πD ))(β))

= α ∧ ∃πF (D) (PF (πD )(α) ∧ β)

= α ∧ ∃F (πD )(β)

So we’re left with the fibered equalities, by the commutativity of

P(F (π1),F (π2),F (π3)) P (F (E × D × D)) P (F (E) × F (D) × F (D))

PF (1E ×∆D ) P1F (E)×∆F (D)

P (F (E × D)) P (F (E) × F (D)) P(F (πE ),F (πD ))

P(F (p1),F (p2)) P (F (D × D)) P (F (D) × F (D))

PF (π2,π3) P(F (π2),F (π3))

P(F (π1),F (π2),F (π3)) P (F (E × D × D)) P (F (E) × F (D) × F (D))

PF (π1,π2) P(F (π1),F (π2))

P (F (E × D)) P (F (E) × F (D)) P(F (πE ),F (πD )) and from the fact that the horizontal arrows are isomorphisms it is enough to take

δD := P(F (p1),F (p2))(δF (D))

J

Proof of Proposition 2.8. (Cfr. [17, 24] and lemma 1.5.8 of [19], vol. 1 for the hyperdoctrine case). It is enough to define

∃f (α) := ∃πD (Pf×1D (δD) ∧ PπC (α))

∀f (α) := ∀πD (Pf×1D (δD) → PπC (α))

For adjointness: 26 Closure Hyperdoctrines, with paths

∃f a Pf .

If ∃f (α) ≤ β If α ≤ Pf (β)

α = α ∧ >C ∃f (α) ≤ ∃f (Pf (β))

= α ∧ ∃π2 (δC ) = ∃πD (Pf×1D (δD) ∧ PπC (Pf (β))

≤ α ∧ ∃π2 (Pf×f (δD)) = ∃πD (Pf×1D (δD) ∧ P1D ×f (Pq2 (β)))

= ∃π2 (Pf×f (δD) ∧ Pp2 (α)) = ∃πD (P1D ×f (δD) ∧ P1D ×f (Pq2 (β)))

= ∃π2 (P1C ×f (Pf×1D (δD) ∧ PπC (α)) = ∃πD (P1D ×f (δD ∧ Pq2 (β)))

= Pf (∃πD (Pf×1D (δD) ∧ PπC (α))) = ∃πD (P1D ×f (∃∆D (β)))

= Pf (∃f (α)) ≤ ∃πD (P1D ×f (Pq1 (β)))

≤ Pf (β) = ∃πD (PπD (β)) ≤ β

Where p2 is the second projection C × C → C and q1 and q2 those D × D → D. Pf a ∀f . We already know that:

∃πC a PπC Pf×1D (δD) ∧ (−) a Pf×1D (δD) → (−) PπD a ∀πD so it is enough to show, for all β ∈ P (D)

Pf (β) = ∃πC (Pf×1D (δD) ∧ PπD (β))

but this is easily done:

∃πC (Pf×1D (δD) ∧ PπD (β)) = ∃πC (P1D ×f (δD) ∧ P1D ×f (Pπ1 (β)))

= ∃πC (P1D ×f (δD ∧ Pπ1 (β)))

= Pf (∃π2 (∃∆D (β)))

= Pf (β)

Where π2 is the second projection D × D → D. For Frobenius reciprocity: the inequality ∃f (Pf (β) ∧ α) ≤ β ∧ ∃f (α) follows from adjointness, let’s show the other. Let π1 and π2 be the projections from D × D and compute:

∃f (Pf (β) ∧ α) = ∃πD (Pf×1D (δD) ∧ PπC (Pf (β) ∧ α))

= ∃πD (Pf×1D (δD) ∧ PπC (Pf (β)) ∧ PπC (α))

= ∃πD (Pf×1D (δD) ∧ Pf×1D (Pπ1 (β)) ∧ PπC (α))

= ∃πD (Pf×1D (δD ∧ Pπ1 (β)) ∧ PπC (α))

≤ ∃πD (Pf×1D (δD ∧ Pπ2 (β)) ∧ PπC (α))

= ∃πD (Pf×1D (δD) ∧ Pf×1D (Pπ2 (β)) ∧ PπC (α))

= ∃πD (Pf×1D (δD) ∧ PπD (β) ∧ PπC (α))

= ∃πD (Pf×1D (δD) ∧ PπC (α)) ∧ β

= ∃f (α) ∧ β

where we have used the inequality:

δD ∧ Pπ1 (β) ≤ Pπ2 (β)

that follows at once by the definition of ∃∆D . J D. Castelnovo, M. Miculan 27

Proof of Proposition 2.14. Let’s compute:

cC ◦ Pf ≤ Pf ◦ ∃f ◦ cC ◦ Pf ≤ Pf ◦ cD ◦ ∃f ◦ Pf ≤ Pf ◦ cD ∃f ◦ cC ≤ ∃f ◦ cC ◦ Pf ◦ ∃f ≤ ∃f ◦ Pf ◦ cD ◦ ∃f ≤ cD ◦ ∃f J

Proof of Proposition 3.5. 1. For k and c the proposition is obvious, let us examine k: since x˙ ∈ qX (x) then A ⊂ kX (A), if A ⊂ B then any filters that contains the former contains the latter too and this implies monotonicity, groundedness follows from the fact that ∅ does not belong to any proper filter, for additivity we can complete any filter F to which A ∪ B belong to an ultrafilter U that belongs to qX (x) since the latter is upward closed, either A or B must belong to U and we are done. 2. i sends a topological space to the pretopological space given by the closure operator c associate to its topology, j sends (X, c) to (X, qX ) where

c qX : X → P(Fil(X))

x 7→ {F ∈ Fil(X) | Vx ⊂ F}

where Vx := {S ⊂ X | x∈ / c(X r S)}. For the left adjoints see [11]. 3. This is obvious. J Proof of Proposition 3.9. Since the preimage of a normal subgroup is normal we have that the ν actually exists as a closure operator. The three poperties of it follow immediately by the fact that {0} is normal and so are the arbitrary intersections or sums of normal subgroups. J

Proof of Proposition 3.11. To show that intA(B) is a subring of A and idempotency we refer to [2, Cor. 5.3, 5.5]. Let us show that int is actually a closure operator. Consider f : A → B and C a subring of B, let a ∈ A such that p(a) = 0 for some p ∈ f −1(C)[X] with deg(p) deg(p) coefficients {pi}i=0 , then q(f(a)) = 0 where q ∈ C[X] has coefficients {f(pi)}i=0 and we are done. J

Proof of Proposition 3.15. Clearly f ≤ cX,(f) for any f : X → [0, 1], monotonicity is clear, let’s check continuity of any function g : X → Y :

cX,(f ◦ g)(x) = (f ◦ g)(x)+˙  = f(g(x))+˙ 

= cx,(f)(g(x))

= (cx,(f) ◦ g)(x) J

Proof of Proposition 3.21. We have to show continuity of all arrows f :(A, α) → (B, β). Let ξ ∈ (B, β) and x ∈ A, we have four cases: ∗ 1. f (ξ)(x) + (A,α)(x) < α(x) and ξ(x) + (B,β)(x) < β(x).

E ∗ ∗ (c(A,α)(f (ξ)))(x) = (f (ξ) + (A,α))(x)

= (α(x) ∧ ξ(f(x))) + (A,α)(x)

= α(x) ∧ (ξ(f(x)) + (A,α)(x))

≤ α(x) ∧ (ξ(f(x)) + (B,β)(f(x))) ∗ E = f (c(B,β)(ξ))(x) 28 Closure Hyperdoctrines, with paths

∗ 2. f (ξ)(x) + (A,α)(x) < α(x) and ξ(f(x)) + (B,β)(f(x)) ≥ β(f(x)). Notice that α(x) ≤ β(f(x)) so

∗ E f (c(B,β)(ξ))(x) = α(x)

from which:

E ∗ ∗ (c(A,α)(f (ξ)))(x) = (f (ξ) + (A,α))(x)

= (α(x) ∧ ξ(f(x))) + (A,α)(x)

= α(x) ∧ (ξ(f(x)) + (A,α)(x)) = α(x) ∗ E = f (c(B,β)(ξ))(x)

∗ 3. f (ξ)(x) + (A,α)(x) ≥ α(x) and ξ(x) + (B,β)(x) < β(x).

E ∗ (c(A,α)(f (ξ)))(x) = α(x)

= α(x) ∧ (ξ(f(x)) + (A,α)(x))

≤ α(x) ∧ (ξ(f(x)) + (B,β)(f(x))) ∗ E = f (c(B,β)(ξ))(x)

∗ 4. f (ξ)(x) + (A,α)(x) ≥ α(x) and ξ(x) + (B,β)(x) ≥ β(x).

E ∗ (c(A,α)(f (ξ)))(x) = α(x) = α(x) ∧ β(f(x)) ∗ E = f (c(B,β)(ξ))(x) We are left with additivity, but this follows immediately since, for ξ and ζ ∈ FzSub(A, α) and x ∈ A, (ξ ∨ ζ)(x) is ξ(x) or ζ(x). J

Proof of Lemma 3.26. 1. Clearly α ≤ preγX (α); if α ≤ β we have that

PγX (X (α)) ≤ PγX (X (β))

from which monotonicity follows; for f an arrow between γX : X → F (X) and γY : Y → F (Y ), we have a commutative diagram f X Y

γX γY

F (X) F (Y ) F (f) and computing we get the thesis:

pre ( (α)) = (α) ∨ ( ( (α))) γX Pf Pf PγX X Pf

= Pf (α) ∨ PγX (PF (f)(Y (α)))

= Pf (α) ∨ Pf (PγY (Y (α)))

= Pf (α ∨ PγY (Y (α)))

= Pf (preγY (α)) D. Castelnovo, M. Miculan 29

2. By hypothesis: ^ α ≤ PγX (X (β))

β∈NγX (α) ^ = PγX ( X (β))

β∈NγX (α) ^ = PγX (X ( β))

β∈NγX (α)

= PγX (X (sγX (α)))

3. The inequality α ≤ sucγX (α) follows at once, if α ≤ β we have PγX (X (α)) as in the first V V point but this implies that NγX (β) ⊂ NγX (α). Hence, θ ≤ θ, from θ∈NγX (α) θ∈NγX (β) which we deduce the monotonicity of sucγX . Let now f : X → Y be an arrow such that f X Y

γX γY

F (X) F (Y ) F (f)

commutes, and notice that for all θ ∈ NY (α) then

Pf (α) ≤ Pf (PγY (Y (θ))) = PγX (PF (f)(Y (θ))) = PγX (X (Pf (θ)))

hence Pf (θ) ∈ NX (Pf (α)) and thus ^ sucγX (Pf (α)) = Pf (α) ∨ sγX (Pf (α)) = Pf (α) ∨ β

β∈NX (Pf (α)) ^ ≤ Pf (α) ∨ β

β∈NX (Pf (α)) ^ ≤ Pf (α) ∨ Pf (β)

β∈NY (α) ^ ≤ Pf (α) ∨ Pf ( β)

β∈NY (α)

= Pf (α ∨ sγY (α)) = Pf (sucγY (α))

and we are done. J

Proof of Proposition 4.3. Associativity of composition and the fact that (x1, ..., xn) is the n identity for [xi : σi]i=1 follows from a straightforward computation. The empty context is n m clearly terminal while, given two contexts Γ := [xi : σi]i=1 and ∆ = [yi : τi]i=1 we can take their concatenation as a product Γ × ∆, the universal property follows immediately. J

Proof of Proposition 4.28. Cfr. [17], proposition 2.3.2. The existence of finite product is clear, let’s show the closedness. Projecting and evaluating we have a sequent w :(σ → τ)×σ ` πσ→τ (w)(πσ(w)) : τ, let evσ be the class of πσ→τ (x)(πσ(x)) in Term((σ → τ) × σ, τ) 30 Closure Hyperdoctrines, with paths

and let’s show its universality. Let ρ be another type and [M] ∈ Term(ρ × σ, τ) then we must have a sequent z : ρ × σ ` M : τ and, weakening, we can derive

x : ρ, y : σ, z : ρ × σ ` M : τ x : ρ, y : σ ` (x, y): ρ × σ x : ρ, y : σ ` M[(x, y)|z]: τ x : ρ ` λy : σ.M[(x, y)|z]: σ → τ

Let’s define

Λ([M]) := [λy : σ.M[(x, y)|z] ∈ Term(ρ, σ → τ)

Computing we have

evσ ◦ (Λ([M]) × 1σ) = [πσ→τ (w)(πσ(w))[((λy : σ.M[(x, y)|z])[pρ(z)|x], pσ(z))|w]]

= [(λy : σ.M[(pρ(z), y)|z])(pσ(z))]

= [M[(pρ(z), pσ(z))|z]] = [M]

For uniqueness it’s enough to notice that for any [N] ∈ Term(ρ, σ → τ):

Λ(evσ ◦ ([N] × 1σ)) = [λy : σ.πσ→τ (w)(πσ(w))[(N, y)|w]] = [λy : σ.N(y)] = [N] J

Proof of Lemma 4.30. 1. The type formation rules and for Prop tell us that Term(−, Prop) is a functor HoCl(Σ)op → HA in which the closure operator is given by

cΣ : Term(σ, Prop) → Term(σ, Prop) [φ] 7→ [C(φ)]

The fibered equality is given by the sequent

(M,N): σ × σ ` M =σ N : Prop

Now notice that the rules of derivation tell us that

Term(σ × τ, Prop) → Term(σ, Prop)

φ 7→ ∃x:τ (φ) Term(σ × τ, Prop) → Term(σ, Prop)

φ 7→ ∀x:τ (φ)

are the left and right adjoint to

Term(πσ, Prop): Term(σ, Prop) → Term(σ × τ, Prop)

φ 7→ φ ◦ πσ

and that Frobenius reciprocity and the Beck-Chevalley condition hold, and so we can conclude. 2. This follows immediately by the rules for conjunction. J D. Castelnovo, M. Miculan 31

Proof of Proposition 5.4. Monotonicity and inflationarity comes at once, take an arrow f : C → D, for any α ∈ P (D) we have: _ ∃f (reachC (Pf (ϕ))) = ∃f (Pf (ϕ)) ∨ ∃f (∃p(↑ Pp(ϕ))) p∈C(I,C) _ = ∃f (Pf (ϕ)) ∨ ∃f (∃p(∃π2 (ρ ∧ Pπ1 (Pp(Pf (ϕ)))))) p∈C(I,C) _ ≤ ϕ ∨ ∃f◦p(∃p(∃π2 (ρ ∧ Pπ1 (Pf◦p(ϕ)))) p∈C(I,C) _ ≤ ϕ ∨ ∃q(∃π2 (ρ ∧ Pπ1 (Pq(ϕ)))) q∈C(I,D) _ = ϕ ∨ ∃q(↑ Pq(ϕ)) q∈C(I,D)

= reachD(ϕ)

Groundedness is immediate; suppose now that P is an hyperdoctrine, then Pf commutes with suprema for any arrow f and, since P (C) is an Heyting algebra, infima distribute over them, so: _ _ _ _ reachC ( ϕk) = ( ϕK ) ∨ ∃p(∃π1 (ρ ∧ Pπ2 (Pp( ϕk)))) k∈K k∈K p∈C(I,C) k∈K _ _ _ = ( ϕk) ∨ ∃p(∃π1 (ρ ∧ Pπ2 (ϕk))) k∈K p∈C(I,C) k∈K _ _ = (ϕk ∨ ∃p(∃π1 (ρ ∧ Pπ2 (ϕk)))) k∈K p∈C(I,C) _ = reachC (ϕk) J k∈K

Proof of Theorem 5.9. 1. By continuity we have

cI (Pp(α)) ∧ Pp(¬α) ≤ Pp(cC (α)) ∧ Pp(¬α)

≤ Pp(cC (α) ∧ ¬α)

≤ Pp(ψ) By hypothesis,

cI (Pp(α)) ∧ Pp(¬α) ≤↑ Pp(α)

≤ Pp(φ) and

cI (Pp(α)) ∧ Pp(¬α) = cI (Pp(α)) ∧ Pp(¬α) ∧ >

= (cI (Pp(α)) ∧ Pp(¬α) ∧ Pp(φ)) ∨ (cI (Pp(α)) ∧ Pp(¬α) ∧ Pp(¬φ))

≤↓ Pp(¬φ)

hence, since p ∈ EscRC (φ, ψ):

cI (Pp(α)) ∧ Pp(¬α) ≤↑ Pp(φ)∧ ↓ Pp(¬φ) ∧ Pp(ψ) = ⊥ and we conclude by connectedness. 2. By the previous point Pp(α) = ⊥ for any p ∈ EscRC (φ, ψ) so Pp(¬α) = > that implies α ≤ ¬∃p(>) from which the thesis follows. J