Towards a Mathematical Operational Semantics
Daniele Turi∗ Gordon Plotkin†
Abstract mapped into a suitable semantic domain endowed with an operation for each construct of the language. Both We present a categorical theory of ‘well-behaved’ operational and denotational semantics are necessary operational semantics which aims at complementing for a complete description of a programming language: the established theory of domains and denotational se- the former for specifying the execution of the programs mantics to form a coherent whole. It is shown that, if and the latter for reasoning about them in terms of the operational rules of a programming language can be abstract, mathematical entities. It is therefore funda- modelled as a natural transformation of a suitable gen- mental that a denotational semantics be adequate, ie eral form, depending on functorial notions of syntax that it determines the operational behaviour of pro- and behaviour, then one gets the following for free: an grams [24]. operational model satisfying the rules and a canonical, For languages without variable binding, but possibly internally fully abstract denotational model which sat- multi-sorted, a denotational model can be seen as a isfies the operational rules. The theory is based on dis- Σ-algebra, where Σ is the signature of the language tributive laws and bialgebras; it specialises to the known corresponding to the basic constructs. The programs classes of well-behaved rules for structural operational themselves form the initial such Σ-algebra and the cor- semantics, such as GSOS. responding unique homomorphism from the programs to the denotational model is called initial algebra se- mantics [12]. Introduction The semantic domain, ie the carrier of the denota- tional model, can often be regarded as the final solu- tion of a domain equation X =∼ B(X), for a suitable Operational semantics, a fundamental tool in lan- ‘behaviour’ functor B. In other words, the semantic do- guage design and verification, provides a formal de- main is the final B-coalgebra. The transition relations scription of the behaviour of programs. It is often may also be seen as B-coalgebras and, therefore, so defined in terms of atomic, elementary transitions, de- can the intended operational model of a language. The scribing local behaviour. Mathematically, these trans- corresponding unique coalgebra homomorphism, given itions can be modelled as the elements of a relation, the by finality, from the intended operational model to intended operational model of the language. A con- the semantic domain is called final coalgebra semantics venient way of specifying such a transition relation is [2, 23]; under suitable assumptions on B, it is fully ab- by induction on the structure of the programs, starting stract with respect to behavioural equivalence. When from suitable operational rules for the basic constructs initial algebra and final coalgebra semantics coincide, of the language [21]. one has an adequate denotational semantics [23]. Traditionally, operational semantics is contrasted Adequacy proofs can be quite demanding, hence with the mathematical interpretation of programs general criteria ensuring adequacy are of interest. called denotational semantics, where programs are For process algebras, as used for specifying non-
∗Research supported by EuroFOCS. deterministic and concurrent programs [17, 5], there †Research supported by an EPSRC Senior Fellowship. exist syntactic restrictions on the format of the oper- ational rules which ensure that bisimulation [17] is a here is that the functor B cofreely generates a comonad congruence. Among the rules in these formats, GSOS D which should correspond to the global behaviours rules [8] are the best known and (negative) tree rules of the language. The comonad Dρ is a lifting of this [11] are the most general. In [22], the ‘processes as comonad D to the Σ-algebras, ie to the denotational terms’ method, based on such a congruence result, is models. However, one can still speak of the opera- presented which allows for the systematic derivation of tional monad defined by some abstract tree rules be- adequate denotational models from ‘tyft rules’ [13], a cause a general theorem shows that liftings of D to the class of rules equivalent to tree rules. Σ-algebras and liftings of T to the B-coalgebras are in We present here a categorical reformulation and gen- 1-1 correspondence. eralisation of the above adequacy meta-results. First, In fact, these liftings are also in 1-1 correspondence we show that certain sets of GSOS rules can be with the distributive laws λ of the monad T over the R modelled as natural transformations [[ ]] depending on comonad D., which generalise both abstract GSOS and R the functorial notions of signature Σ and behaviour abstract tree rules. One is led now to consider the bial- B. Next, it is shown that the mapping [[ ]] is gebras of such distributive laws. When λ corresponds R 7→ R an essentially 1-1 correspondence. The naturality of to some abstract operational rules ρ, the λ-bialgebras [[ ]] accounts for the syntactic restrictions on the oc- can be seen as combinations of operational and denota- R currences of meta-variables in GSOS rules and provides tional models which satisfy the rules. Henceforth they a categorical explanation of their good behaviour. are called ρ-models; they specialise to the GSOS mod- The first advantage of the above approach is that els of [25] and to models of tree rules (with an appro- the GSOS rules can be modelled not only in Set, but priate definition). also in every category with enough structure such as The primary fact about ρ-models is that, from res- the category of cpos and continuous functions used in ults in [15], it easily follows that the forgetful functors denotational semantics. This is a step towards bridging to each of the categories of denotational and opera- the gap between operational and domain theory. tional models have adjoints. One adjunction implies A second advantage is that the mathematical mod- that there exists an initial ρ-model – the intended oper- elling of the rules is a useful semantic tool in the in- ational model Tρ(0) for the initial algebra of programs. vestigation of syntactic formats. For instance, in Set By the definition of morphism of ρ-models, this also the ‘dual’ of the type of natural transformation cor- implies that every ρ-model is adequate with respect to responding to GSOS also corresponds to an interesting the intended operational model in the sense that the format, namely the safe tree rules: these form a natural behaviour of the programs can be determined from any subclass of (negative) tree rules which always possess a ρ-model up to a generalised, coalgebraic notion [4, 16] satisfying transition relation. Interestingly, the failure of bisimulation. to fit the class of (simple negative) tree rules in the The other adjunction implies that there exists a final present approach brought to light a slight inaccuracy ρ-model – the canonical denotational model Dρ(1) over in the literature and, eventually, led to the discovery the final coalgebra of abstract, global behaviours. It of the safe tree rules. is necessarily adequate; further, it is internally fully A third advantage is that by varying Σ and B a wide abstract with respect to coalgebraic bisimulation. The variety of notions of program constructs and behaviour derivation of this final model specialises to the above can be accommodated. (See also [30].) Further, one mentioned processes-as-terms method. can study abstract notions of operational rules ρ, such The unique homomorphism from the initial to the as ‘abstract GSOS’ and ‘abstract tree rules’, applicable final ρ-model is both the initial algebra and final coal- to languages other than process algebras and whose gebra semantics for the abstract rules ρ. It is called properties can be studied in general. here universal semantics; it is the most abstract com- In this theory we assume that Σ freely generates positional interpretation of programs preserving beha- a monad T which is thought of as corresponding to vioural distinctions. Moreover, if the behaviour functor the syntax of the language. The first result is that B satisfies a certain mild condition, every ρ-model has such abstract operational rules ρ induce an operational a greatest (generalised) bisimulation which, moreover, monad Tρ lifting the monad T to the B-coalgebras, ie is a (generalised) congruence. This specialises to the to the operational models, in the sense that its action fact that bisimulation is a congruence for GSOS and on the carriers is the same as the monad T . for tree rules. If ρ is of abstract tree rules form rather than ab- The generalised, coalgebraic notion of bisimulation stract GSOS, then, by duality, one first coinductively considered here is to be understood as the behavioural derives a denotational comonad Dρ. The assumption equivalence corresponding to the functor B under con- sideration. It might take forms quite different from empty set. In general, the type B of the behaviour of ordinary (strong) bisimulation. For instance, for the the above language is behaviour functor in [14] it specialises to the much BX = ( X)A (2) coarser (complete) trace equivalence. As a corollary, Pfi one has an abstract format of rules ensuring that trace the (covariant) functor mapping a set X to the set of equivalence is a congruence [30]. functions from A to finite subsets of X. To some extent, one can also deal with weak bisimu- A Let x and y range over X, β range over ( fiX) , and lation in this setting. As shown, eg in [13], weak bisim- P let us write a ; x1, . . . , xn for the function from A to ulation for a given set of rules can be reduced to strong { } fiX mapping a to x1, . . . , xn and all other elements bisimulation by adding three special rules for the τ- ofP A to the empty set.{ Then, for} each operator σ of the action. (See also [3].) These rules are in the tyft/tyxt signature, the corresponding rules can be modelled as format, but they can be compiled into safe tree rules, a function hence the present theory can be applied. This way of A arity(σ) A dealing with weak bisimulation is quite indirect, but [[σ]] : (X ( fiX) ) ( fiTX) that just reflects the absence of an established denota- × P → P tional model for it. A more direct treatment of weak as follows. bisimulation might arise following [9]. [[nil]] = a 7→ ∅ [[a.]](x, β) = a ; x 1 The Motivating Example: GSOS { } x0 y x0 β(a) { k | ∈ } (x, β)[[ ]](y, β0) = a Consider the language with signature Σ consisting of k 7→ ∪ x y0 y0 β0(a) a constant symbol ‘nil’, a set of unary action prefixing { k | ∈ } operators indexed by a finite set A of actions ranged Using the universal property of coproducts, these func- over by a, and a binary parallel composition operator tions can then be glued into a single function, say ‘ ’. This signature freely generates, for every set X of variablesk x, the set TX of terms t given by the abstract [[ ]] : 1 ( (X BX)) (X BX)2 BTX R X q A × q × → grammar t ::= x nil a.t t t Note one has` a function [[ ]]X for each set X of vari- | | | k ables. In fact, one should thinkR of the variables in the This set TX is the carrier of the free Σ-algebra over X, rules as being ‘meta-variables’. Most importantly, the where, in general, a Σ-algebra is given by a (carrier) set above definition of [[ ]]X is natural in X: for every Y and a function h mapping each operator σ of arity n renaming of the variablesR (possibly involving equating in the signature to a function of type Y n Y . More some of the variables), first renaming and then apply- → concisely, the function h can be written as ing the rules is the same as first applying the rules and then renaming. As shown in 5 and 7 the naturality arity(σ) h : Y Y (1) of [[ ]] explains the good behaviour§ of§ . → σ Σ R R a∈ More generally, let Ai and Bi range over subsets of A and let be a set of rules of the form using the disjoint union functor ‘ ’ (coproduct in Set) R to glue the interpretation of the various operators to- a a 1 i n, a Ai b 1 i n xi yij 1≤j≤ma ∈ xi b≤B≤ ` { −→ } ≤ ≤ i { −→}6 ∈ i gether. c (3) Next, let the operational rules inductively defin- σ(x1, . . . , xn) t R −→ ing the (labelled) transitions performable by the pro- which is image finite in the sense that there are finitely grams of the above language be many rules for each operator σ in Σ and action c in A. a a For every set X, one can associate to a function a x x0 y y0 R a.x x −→a −→a A arity(σ) A −→ x y x y x y x y [[ ]]X : (X ( fiX) ) ( fiTX) (4) 0 0 R × P → P k −→ k k −→ k σ Σ For instance, the simple program (a.nil) (a.nil) can a∈ k as follows. For all t in TX, c in A, xi in X, and βi in either perform the action a becoming nil (a0.nil) or k ( X)A, put perform a becoming (a.nil) nil. The (local) beha- Pfi viour of this program can bek modelled as the function t [[ ]]X (σ((x1, β1),..., (xn, βn)))(c) from A to finite subsets of terms mapping a to the set ∈ R (a.nil) nil, (a.nil) nil and all other actions to the if and only if the following condition holds. { k k } a a a Condition 1.1 There exists a (possibly renamed) rule βi(a) = yij j = 1, . . . , mi so that the xi and yij are a a { | } (3) in such that yi1, . . . , yima is a subset of βi(a), all distinct. Then write a rule R { i } for a in A , and β (b) is empty, for b in B . 2 i i i a 1 i n b 1 i n x β (a) ≤ ≤ x ≤ ≤ i i a Ai A i b A A { −→ } ∈ ⊆ { −→}6 ∈ \ i Note the function [[ ]] does not need to be natural in c (6) R X σ(x , . . . , x ) t the set X. 1 n −→
whenever t ρX (σ((x1, β1),..., (xn, βn)))(c) and Definition 1.1 (GSOS [8]) A GSOS rule is a rule of A = a A ∈β (a) = . Naturality ensures this is a a i { ∈ | i 6 ∅} type (3) such that the xi and yij are all distinct and, GSOS rule. It can be further shown that naturality moreover, these are the only variables which can occur and the finiteness of A ensure that the resulting set of in the term t. 2 rules is image finite. 2 Two sets of rules are called equivalent if they prove We do not understand this situation for infinite A, although the above definition of [[ ]] still works. the same rules in the sense of [11, Def. 2.5]. R Theorem 1.1 (GSOS is natural) There is a corres- 2 GSOS is Categorical pondence between natural transformations of type In this section, let be a distributive category with (X ( X)A)arity(σ) ( TX)A (5) C × Pfi → Pfi infinite coproducts and a commutative free semi-lattice σ Σ a∈ monad f . The claim is that GSOS rules can be mod- P and image finite sets of GSOS rules for a signature Σ elled in every such category. (over a fixed denumerably infinite set of variables V ). Note, first, that to every signature Σ one can asso- Moreover, this correspondence is 1-1 up to equivalence ciate an endofunctor on Set with the same name: of sets of rules. ΣX = Xarity(σ) Proof. We just describe the correspondence. One σ Σ a∈ direction is given by the above mapping [[ ]]. R 7→ R Clearly, this definition also makes sense in . As for naturality, let us introduce some useful C Next, rewrite BX = ( X)A as BX = (1 + X)A, abbreviation first: for every function f : X X , fi f 0 which, again, makes senseP in : the power Y APis the write f for the function ( f)A, Γ for the→ set ∗ fi product Y , is the free semi-latticeC monad which [[ ]] (σ((x , β ),..., (x , β )))(Pc), and Γ for the set A f X 1 1 n n 0 in Set is the relevantP part of the endofunctor ob- [[R]] (σ((fx , f β ),..., (fx , f β )))(c). Then the fi X0 1 ∗ 1 n ∗ n tained byQ removing the empty set, and ‘+’ is justP an- claimR is that other notation for the binary coproduct.
1. t Γ, t0 Γ0, t0 = (T f)(t) It remains to generalise T . For this, let Σ be ∀ ∈ ∃ ∈ an arbitrary endofunctor on and let Σ-Alg be the C and, conversely, corresponding category of Σ-algebras: objects are pairs X, h , where the ‘carrier’ X is an object and h i 2. t0 Γ0, t Γ, t0 = (T f)(t) the ‘structure’ h :ΣX X is a morphism of ∀ ∈ ∃ ∈ → ; the ‘homomorphisms’ f : X, h X0, h0 are the Consider the first clause. If t is in Γ then Con- C h i → h i morphisms f : X X0 between the carriers such that dition 1.1 holds. Clearly, β (b) = if and only → i f h = h0 (Σf). If the forgetful functor a a ∅ if (f ∗βi)(b) = , and y , . . . , y a βi(a) implies ◦ ◦ i1 imi a a ∅ { } ⊆ Σ fy , . . . , fy a (f ∗βi)(a), therefore (T f)(t) is in U :Σ-Alg X, h X i1 imi { } ⊆ a → C h i 7→ Γ0, because the xi and yima are the only variables oc- i mapping Σ-algebras to their carriers, has a left adjoint curring in the rule. For the second clause, one also uses Σ a F , then the corresponding monad the fact that the xi and the y a in a GSOS rule are all imi distinct, hence the value of Γ0 does not depend on any T = U ΣF Σ (7) of the possible identifications made by the renaming function f. is the monad freely generated by Σ. In the converse direction, given a natural transform- For finitary endofunctors Σ as the one above, it suf- ation ρX of type (5), one can define a set of rules as fices that has ω-colimits for the adjunction F Σ U Σ a C a follows. Let V be x1, x2,... and let x y1, . . . , yk to hold and T to be defined. Thus one can take T a −→a { } be an abbreviation for x y , . . . , x y . Choose to be the monad freely generated by the endofunctor −→ 1 −→ k arity(σ) ΣX = σ Σ X . In Set, its value TX at a set Several examples illustrating the use of the general- X is the set∈ of terms corresponding to the operators ity of (8) are given in [30]. Here is a brief summary σ of the` signature and with variables x in X; the unit thereof. Firstly, the operational rules of deterministic ηX : X TX is the insertion-of-variables function programs with exceptions and side-effects can be mod- which maps→ a variable x in X to the same variable but elled instantiating (8) with the behaviour endofunctor 2 S seen as a term; and the multiplication µX : T X TX BX = (S (1 + X)) , where S Y is the copower S Y . is the operation which allows one to plug terms→ into As shown· below, the behavioural· equivalence cor- A ` contexts. responding to BX = ( fiX) is bisimulation; a coarser equivalence, namely traceP equivalence, can be obtained Theorem 2.1 For any image finite set of GSOS by considering the endofunctor BX = 1 + A X on the R rules, a natural transformation category SL( ) of semi-lattices in a category· . (This is a simplifiedC version of the behaviour in [14].)C The A arity(σ) A [[ ]] : (X (1 + f X) ) (1 + f TX) program construct endofunctor to be considered then is R × P → P σ Σ ⊗ a∈ Σ : SL( ) SL( ), a monoidal generalisation of the endofunctorC → Σ onC cartesian categories. For instance, can be defined in the internal language of distributive for the language of 1, Σ⊗X = 1 + X + (X X), categories with infinite coproducts and a commutative A where ‘ ’ is the tensor§ product of semi-lattices. ⊗ free semi-lattice monad . In the case of Set it spe- f Note⊗ that (8) can be instantiated` to rules not only cialises to the transformationP (4). for single-sorted languages but also for multi-sorted Proof. The transformation [[ ]] in (4) can be defined ones; it suffices to work with signatures (and beha- categorically using: projectionsR and injections, pairing viours) over ‘power categories’. and copairing, and the associativity, symmetry, unit, Finally, we briefly consider recursion. GSOS stands and distributive laws for products and coproducts; the for ‘SOS for non-deterministic programs with guarded unique map to the final object 1; the unit and the free recursion’, because the full definition also allows for structure of the monad T ; the join of free semi-lattices; definitions of programs by guarded recursion. In [30], the unit and the strength of the commutative monad a functorial notion of guard is given which allows one f . (The use of the strength depends on the assumption to generalise the definitions by guarded recursion to that,P because is image finite and A is finite, for each abstract rules of type (8). Moreover, one can also treat operator the setR of rules is finite.) 2 unguarded recursion by realising the abstract rules, for The characterisation of GSOS given by the above instance, in the category of cpos and partial continuous theorem allows one, for instance, to realise GSOS rules functions and exploiting algebraic compactness. This in the category of cpos and continuous functions as involves precomposing the endofunctor Σ with the lift- used in domain theory, rather than in Set. ing endofunctor, so that one freely generates not only finite but also partial and infinite terms, the latter be- 3 Abstract GSOS ing used to unfold recursive definitions of programs.
In general, given a cartesian category and arbit- 4 Coalgebras rary functorial notions of program constructsC Σ and behaviour B on , with Σ freely generating the syntax The intended operational model of a set of con- T , one can defineC a corresponding abstract notion of crete GSOS rules is the least relation R T A T a ⊆ ∅ × × ∅ which satisfies the rules, where x x0 stands for operational rules as the natural transformations ρ of −→ x, a, x0 R. In general, a relation of type X A X type h i ∈ × × Σ(Id B) BT (8) is called a labelled transition system [21] with set of × ⇒ states X and set of labels A. We shall need the following characterisation. For image finite sets of GSOS rules it suffices to con- sider image finite transition systems, where, for each Proposition 3.1 There is a 1-1 correspond- state and each action, the image of the transition re- ence between natural transformations of type lation is a finite set. These are in 1-1 correspondence Σ(Id B) BT and those of type Σ(T BT ) BT . with functions k : X ( X)A as follows. × ⇒ × ⇒ → Pfi Proof. One direction of the correspondence is given by a x x0 x0 k(x)(a) (9) the mapping ρ % = Bµ ρT : Σ(T BT ) BT , for −→ ⇐⇒ ∈ ρ : Σ(Id B) 7→BT . In the◦ converse× direction,⇒ simply If, as considered here, the set A is finite, then image precompose× % ⇒: Σ(T BT ) BT with Σ(η Bη). 2 finite transition systems cut down to finitely branch- × ⇒ × ing transition systems, where for each state, the set of Let B be an endofunctor on a category with kernel outgoing transitions is finite. pairs and let the internal equality of a coalgebraC X, k A h i A function k : X ( fiX) is a coalgebra of the be the kernel pair (in the underlying category ) of the → PA C endofunctor BX = ( fiX) on Set. Formally, given an identity on its carrier X. One can easily prove that: endofunctor B : P , a B-coalgebra is a pair X, k , where the carrierC →X Cis an object and the structureh i k : X BX is a morphism of . One often identifies Proposition 4.1 (Strong Extensionality) → C a coalgebra X, k with its structure k. Internal equality is the final B-bisimulation of h i The B-coalgebras form a category B-Coalg, with ho- the final B-coalgebra. 2 momorphisms f : X, k X0, k0 the morphisms h i → h i In general, final coalgebras need not exist, but if f C X X0 has a final object 1, and the forgetful functor UB has a right adjoint GB : B-Coalg, then GB1 is the final k k0 B-coalgebra. ForC the → endofunctor BX = ( X)A on Pfi Set, such a right adjoint GB exists [6]. It follows [29, BX BX0 13] that the final coalgebra G 1 is the set of rooted, Bf B image§ finite trees, with branches labelled by a A, quotiented by (ordinary) bisimulation. This is the∈ set f : X X0 between the carriers such that → of ‘abstract global behaviours’, ie the (abstract) non- k0 f = (Bf) k. Note the forgetful functor ◦ ◦ deterministic processes.
UB : B-Coalg X, k X Semantically, the above strong extensionality result → C h i 7→ specialises then to the fact that such a final coalgebra mapping coalgebras to their carriers. is internally fully-abstract [1] with respect to bisimu- A For BX = ( fiX) , the coalgebra homomorphisms lation, ie its largest bisimulation is the equality, hence P are, up to the correspondence (9), the same as the P- bisimilar elements are indistinguishable. open morphisms of [16], where P is a suitable category of finite sequences of actions. (Thus, for this choice of B, B-Coalg is a proper subcategory of the standard 5 Operational Monads category of transition systems [31].) As a consequence, two transition systems are (strongly) bisimilar [17] if and only if there is a span of coalgebra homomorphisms Definition 5.1 Let T and B be endofunctors on the same category . An endofunctor T on the category between them. This leads to the following coalgebraic C notion of bisimulation, a mild generalisation of the one of B-coalgebras lifts the endofunctor T to the B- in [4]. coalgebras if UBT = TUB, ie the diagrame
e T Definition 4.1 (Coalgebraic Bisimulation) A B- B-Coalg B-Coalg bisimulation between two coalgebras X , k and h 1 1i X2, k2 of an endofunctor B is a triple X, f1, f2 e UB UB hsuch thati such that there exists a coalgebrah structurei k : X BX making X, k , f , f a span → hh i 1 2i CC X, k T h i f1 f2 commutes. (Cf [15].) X1, k2 X2, k2 i h ih When both T and T are monads, T lifts the monad T to the B-coalgebras if the forgetful functor of coalgebra homomorphisms f ,f . 2 1 2 U : B-Coalg (togethere with the identitye natural B → C One can form the category of B-bisimulations transformation) is a monad morphism [27] from T to between two coalgebras X1, k1 and X2, k2 of an T . 2 endofunctor B on a categoryh i : theh morphismsi e C g : X, f1, f2 X0, f10 , f20 are those g : X X0 in (thush not necessarilyi → h coalgebrai homomorphisms)→ suchC Remark 5.1 A monad T lifts a monad T = T, η, µ h i that fi = fi0 g, for i = 1, 2. to the B-coalgebras if and only if UBT = TUB and, for ◦ e e every B-coalgebra k : X BX, the diagram T (k): TX BTX to be the unique map → % →
ηX ψX ηX µX T XX T 2X XTX ΣTX
2 k k T (k) T (k) T%(k) Σ id,T%(k) BX h i 2 Bη e BTXBT XBX e X BTX Σ(TX BTX) BηX BµX %X × commutes. 2 given by the above theorem.
Consider now T to be the monad freely generated Proposition 5.1 If the morphism %X is natural in X, Σ Σ then the above construction k T (k) extends to a by an endofunctor Σ. The adjunction F U gives a 7→ % well-known structural recursion theorem whicha special- monad T% lifting T to the B-coalgebras. ises to the ordinary recursion (or iteration) theorem for Proof. First one needs to prove that, for every coal- natural numbers, covering the simplest form of prim- gebra homomorphism f : X, k X0, k0 , T f is a itive recursive functions, but not others such addition, coalgebra homomorphism, ieh i → h i multiplication, exponentiation, etc, which need para- meters and ‘accumulators’. (By structural recursion T%(k0) T f = BT f T%(k) we mean definition by structural induction.) Here we ◦ ◦ shall need the following ‘folklore’ structural recursion so that one can define T%f to be T f. For this, theorem [20] with accumulators, ie with terms as para- simply note that both composites T (k0) T f and R ◦ meters of the recursive definition. BT f T (k) fit as the unique morphism ◦ R
ηX ψX X TX ΣTX Theorem 5.1 (Structural Recursion) Let T be a f monad freely generated by an endofunctor Σ on a Σ id, ! h i cartesian category and let ψX :ΣTX TX be the X0 structure of the freeC Σ-algebra over an object→ X of . ! Σ(TX BTX0) k0 × For all morphisms f : X Y and h : Σ(TX Y ) CY BX0 Σ T f, id in there exists a unique→ morphism f ] : TX× →Y in h i C → BηX such that 0 BTX0 Σ(TX0 BTX0) C × %X0 ηX ψX XTX ΣTX given by Theorem 5.1, hence they must be equal. (The naturality of % is essential here!) f ] Σ id, f ] f h i Next, one has to verify that the endofunctor T% lifts the operations of the monad T . From Re- Y Σ(TX Y ) mark 5.1, it suffices to show that, for every coal- × h gebra structure k : X BX, T%(k) ηX = BηX k and T (k) µ = Bµ →T 2(k), ie the◦ unit and the◦ % ◦ X X ◦ % commutes. multiplication of T are coalgebra homomorphisms. For the unit, this is immediate by definition of the func- tor T , while for the multiplication one also needs to Proof. Turn h into the Σ-algebra structure % use the naturality of ρ and the fact that µ is defined ψ Σπ , h : Σ(TX Y ) TX Y over the X 1 by (ordinary) structural recursion on the free algebra producth ◦ TX iY and then× apply→ the× ordinary structural structure. 2 recursion theorem× to it and η , f : X TX Y . 2 h X i → × Recall Proposition 3.1. For every map Definition 5.2 The operational monad induced by some abstract operational rules ρ : Σ(Id B) BT , × ⇒ %X : Σ(TX BTX) BTX (10) is the monad T corresponding to the composite nat- × → % ural transformation % = Bµ ρT : Σ(T BT ) BT . and every coalgebra k : X BX, define the coalgebra We write T for this monad. ◦ × ⇒ 2 → ρ Let us try and understand the operational monad In particular, such a lifting can be obtained from nat- Tρ when ρ = [[ ]], for a set of concrete GSOS rules. ural transformations Firstly, applyingR ρ toRTX amounts to instantiating ρ :ΣD B(Id + Σ) (12) the meta-variables of the rules with the terms in TX. ⇒ Formally, in this way the term t in a GSOS rule (3) by dualising Proposition 3.1 and putting might contain terms as variables: one needs to apply % = ρ Σδ :ΣD B(D + ΣD). This is the de- D ◦ ⇒ to it the multiplication of the term monad T in order notational comonad Dρ coinduced by ρ. to ‘unbracket’ it and obtain an elementary term. This Let Σ freely generate a monad T . In the next sec- is achieved here by composing ρTX with BµX . tion, Theorem 7.1 shows that liftings of the comonad Next, recall the correspondence (9) between coal- D to the Σ-algebras are in 1-1 correspondence with lift- gebras k : X BX = ( X)A and image finite trans- → Pfi ings of the monad T to the B-coalgebras. Therefore, ition systems. By regarding X as a set of constants if Σ corresponds to some program constructs and B to rather than as a set of states, the correspondence (9) some behaviour, every natural transformation ρ as in can also be seen as being between coalgebras and sets (12) defines also an operational monad, say Tρ (with a of δ-rules [8], ie axiom rules. Up to these two corres- slight abuse of notation). pondences, one can then check that k Tρ(k) is the As mentioned in 4, for the endofunctor 7→ A § usual construction of a transition system for a finite BX = ( fiX) on Set the adjunction UB GB set of GSOS rules and a possibly infinite (but image P a R exists. The value of the corresponding cofree comonad finite) set k of δ-rules. In particular, if X is the empty D = UBGB at a set X is the set of ‘global behaviours set, hence k is the trivial coalgebra 0 : B and with states x in X’. Formally, it is a quotient of the TX = T is the set of closed terms, this∅ construction → ∅ ∅ set of rooted, image finite trees, with branches labelled gives the intended operational model for the rules. by a A, and nodes labelled by x X; the quotient These remarks hold for arbitrary rules of type (3) is taken∈ with respect to a form of bisimulation∈ taking and, correspondingly, to possibly non-natural functions into account the name of the nodes [29, 13]. The [[ ]] . The naturality of GSOS ensures that T is an § R X ρ counit ε : D Id is the operation which extracts the operational monad, which is essential for applying the root from a tree⇒ and the comultiplication δ : D D2 theory in 7. ⇒ § is the operation which replaces the name of every node in a tree by the subtree starting at that node. 6 ‘Dualising’ GSOS: Tree Rules Next, consider rules of type
ai bj The duality between algebras and coalgebras can be zi yi i I wj j J { −→ } ∈ { c−→}6 ∈ (13) exploited to find a format of rules ‘dual’ to abstract σ(x , . . . , x ) t 1 n −→ GSOS as follows. where the x , y , z , and w are all variables, and I and Let Σ and B be two endofunctors on a cocartesian k i i j J are countable, possibly infinite index sets. It is con- category and let D = D, ε, δ be the cofree comonad venient to consider the dependency graph [13] of such generatedCby B, that is,h the forgetfuli functor U has a B a rule, namely the directed graph having the variables right adjoint GB : B-Coalg and ai C → of the rule as nodes, zi yi, for i in I as ‘positive’ bj −→ D = UBGB (11) edges, and wj as ‘negative’, targetless edges. A rule of type (13)−→ is6 well-founded if all backwards chains By the dual of Theorem 5.1 and Definition 5.1, every of edges in its dependency graph are finite [13]. natural transformation Definition 6.1 (Tree rules [10, 11]) A(simple % :ΣD B(D + ΣD) ⇒ negative) tree rule is a well-founded rule of type (13) such that the x and the y are all distinct variables coinductively defines a lifting Dρ of the comonad D to k i the Σ-algebras: and are the only variables occurring in the rule (ie the zi and wj are all occurrences of the xk and yi). D% Σ-Alg Σ-Alg A tree rule is safe if the term t either is a variable x or is of the form σ0(x10 , . . . , xm0 ) for some operator σ of the signature and some (not necessarily distinct) U Σ U Σ 0 variables x10 , . . . , xm0 . 2 Tree rules are more general than GSOS: they allow D CC for ‘lookahead’, in that one can look not only at the local behaviour (a single transition x a y) of the as the failure to fit these latter rules in the present the- states like in GSOS, but also at the global−→ one, as in ory brought to light. In fact, the safe tree rules them- a b x y y0. (See [13] for some examples.) The selves have been suggested to us by Rob van Glabbeek safety−→ restriction−→ does not affect the expressive power as a natural subclass of (negative) tree rules possessing of the rules, provided one is allowed to add sufficiently a satisfying transition system. many auxiliary operators to the signature. A tree rule (13) has the property that its depend- 7 Combining Operational and Denota- ency graph is equal to the graph reachable from the tional Models nodes x1, . . . , xn. Moreover, the subgraph reachable from a node xk is a tree – the dependency tree with When T is the monad freely generated by an en- root xk. Let us call a set of tree rules allowed if it is an dofunctor Σ on a category , then one can easily see image finite set (in the sense of 1) of tree rules whose C § that the category Σ-Alg of algebras of the endofunc- dependency trees are image finite. Then, an allowed tor Σ is isomorphic to the category T -Alg of algebras set of tree rules defines, for every X, a function of the monad T = T, η, µ , with objects those morph- R h i A isms h : TX X in such that h ηX = id and [[ ]]X :ΣDX ( fiTX) (14) → C ◦ R → P h T h = h µX . Dually, the category B-Coalg of B- ◦ ◦ as follows. coalgebras is isomorphic to the category D-Coalg of coalgebras of the comonad D cofreely generated by B For all t in TX, c in A, and dk in DX, put [29, 7]. The results in this section should be read up § t [[ ]] (σ(d , . . . , d ))(c) to these two isomorphisms of categories ∈ R X 1 n if and only if there exists a (possibly renamed) rule Σ-Alg ∼= T -Alg B-Coalg =∼ D-Coalg (13) in such that the root of dk is xk, for 1 k n, and theR dependency trees of the rule can be embedded≤ ≤ 7.1 Distributive Laws in the dk (where the convention is that a tree with a bj Given a monad T = T, η, µ and a comonad negative edge w can be embedded into d only if j k D = D, ε, δ on a categoryh , a distributivei law [7] of the variable in d −→corresponding6 to w does not have k j the monadh Ti over the comonadC D is a natural trans- an outgoing edge labelled by b ). j formation λ : TD DT satisfying the laws ⇒
Theorem 6.1 (Tree rules are natural) Let D be λ ηD = Dη λ µD = Dµ λT T λ the comonad cofreely generated by the endofunctor ◦ ◦ ◦ ◦ BX = ( X)A on Set. and their dual Pfi For every allowed set ρ of tree rules the function [[ ]] in (14) is natural in X. T ε = εT λ Dλ λD T δ = δT λ R X ◦ ◦ ◦ ◦ Proof. Similar to the proof of naturality in Theorem The following theorem may well be folklore. 1.1. Note the well-foundedness of tree rules is needed. For instance, the non-well-founded rule with premise Theorem 7.1 For a monad T and a comonad D on x a x and conclusion a.x a nil is not natural be- the same category, the following notions are mutually cause:−→ first applying [[a.]] to (−→x a y) and then renam- equivalent. −→ ing y as x yields a ; x , while the same operations Distributive laws λ of T over D. but in the reverse order{ yield} a ; x, nil , which fact • violates naturality. { } 2 Liftings T of T to the D-coalgebras. • In particular, if the rules in are safe, the natural R Liftings D of D to the T -algebras. transformation [[ ]] is of type • e R Proof. Given a distributive law λ, one can define the ΣD ( (Id + Σ))A e ⇒ Pfi corresponding liftings as follows.
Therefore, for every allowed set of safe tree rules Tλ(k) = λX T k Dλ(h) = Dh λX there exists a transition systemR which satisfies the ◦ ◦ rules, namely T (0), where ρ = [[ ]] and T is the cor- Conversely, consider a lifting T of the comonad ρ R ρ responding operational monad. Contrarily to what is D to the T -algebras, hence UDT = TUD. By stated in [11], this fails for (simple negative) tree rules, Lemma 1 in [15], this determinese a distributive e law λ of the monad T over the endofunctor model, and the pentagonal law (15) says that the com- D as follows: first take the natural transforma- bination of the two models satisfies the rules ρ. Hence- tion T ε : UDTGD = TUDGD = TD T , then trans- forth such bialgebras are called ρ-models. pose it across the adjunction U⇒ G obtain- Da D ing λ : TGD e GDT , and finally define λ to be 7.3 Adequacy Meta-Results U λ : U TG ⇒= TD DT . It is easy to prove D D D ⇒ that λ eactually is a distributive law over the Consider the forgetful functor whole comonade D. Dually, given a lifting D, λ take η : D DT = DU T F T = U T DF T , transpose it U : λ-Bialg D-Coalg X, h, k X, k D ⇒ → h i 7→ h i across F T U T obtaining λ : F T D DF T , and definee a ⇒ which forgets the algebra structure of a λ-bialgebra. λ to be U T λ : U T F T D = TD DTe= U T DF T . The ⇒ constructions are easily seen to be mutuallye inverse. 2 Theorem 7.2 U λ has a left adjoint, namely: When T is syntax and D is (global) behaviour,e the type of the distributive law λ might thought of as ‘the λ µ T (k) (X k DX) F (T 2X X TX λ DTX) most general type of well-behaved rules’. Note one can −→ 7−→ −→ −→ also consider monads T corresponding to algebraic the- Proof. Dualise Theorem 4 of [15] and apply it to ories, with equations between the derived operators. (See [29, 10] for an elementary example.) U λ § D-Coalg Dλ-Coalg 7.2 Bialgebras as Models UD UDλ Given a distributive law λ : TD DT , one can con- sider the category λ-Bialg of λ-bialgebras⇒ . Its objects T -Alg C U T are pairs TX h X k DX of T -algebras and D- coalgebras with−→ a common−→ carrier X which satisfy the where λ-Bialg = Dλ-Coalg by Remark 7.1. 2 following ‘pentagonal law’: ∼ Corollary 7.1 The category of λ-bialgebras has an k h = Dh λ T k ◦ ◦ X ◦ initial object, namely F λ0, where 0 is the trivial initial (Cf [28].) This law makes h a coalgebra homomorph- D-coalgebra. 2 ism and k an algebra homomorphism. The morphisms In particular, there exists an initial ρ-model, which f : X, h, k X , h , k of λ-Bialg are those morph- 0 0 0 can be regarded as the intended operational model over ismsh f : Xi →X h betweeni the carriers which are both 0 the initial algebra of programs T 0. This implies that T -algebra and→ D-coalgebra homomorphisms. every ρ-model M is adequate with respect to the inten- ded operational model of ρ. Indeed, the unique ρ-model Remark 7.1 The λ-bialgebras are the same as the al- homomorphism to M given by initiality is a denota- gebras of the monad T of Theorem 7.1, and, dually, λ tional interpretation which preserves the behavioural the same as the coalgebras of the comonad D : λ distinctions of the intended operational model. This makes M adequate. Tλ-Alg =∼ λ-Bialg ∼= Dλ-Coalg Now, consider the ‘dual’ of U λ, namely the functor Remark 7.2 When λ is the distributive law induced U : λ-Bialg T -Alg X, h, k X, h by a finite set of concrete GSOS rules, the λ-bialgebras λ → h i 7→ h i are the GSOS-models of [25]. 2 which forgets the D-coalgebra structure of a λ- bialgebra. Correspondingly, the following is dual to Given a Σ-algebra h :ΣX X, let h∗ : TX X be its inductive extension to a→T -algebra. When→λ is Theorem 7.2. induced by some abstract operational rules ρ, no mat- ter whether of type (8) or the dual (12), λ-bialgebras Theorem 7.3 Uλ has a right adjoint, namely: h k are equivalent to pairs ΣX X BX such that h Gλ Dλ(h) δX −→ −→ (TX X) (TDX DX D2X) −→ 7−→ −→ −→ k h = B(h∗) ρX Σ id, k (15) ◦ ◦ ◦ h i Corollary 7.2 The category of λ-bialgebras has a fi- The algebra structure can be thought of as a denota- nal object, namely Gλ1, where 1 is the trivial final tional model, the coalgebra structure as an operational T -algebra. 2 In particular, there exists a final ρ-model which is Future Work the canonical denotational model for ρ; it has the final D-coalgebra as carrier which, as mentioned in 4, is in- § The major challenge ahead is the operational se- ternally fully abstract with respect to B-bisimulation. mantics of the languages with variable binders, such The construction 1 G 1 = D1,D (1), δ general- 7→ % h % 1i as the π-calculus and the λ-calculus. (At the moment, ises the ‘processes as terms’ construction of [22], which by working in a suitable functor category, we are able is a systematic method for deriving adequate denota- to give a functorial description of syntax with variable tional models from ‘tyft rules’ [13] (a class of rules equi- binders, but it is not yet clear whether this fits our pur- valent to the tree rules without negative premises [10]). poses.) We would also like to obtain adequacy results For more details, see [30]. when working in categories of partial maps. There is an obvious question about Moggi’s compu- Corollary 7.3 The unique (both by initiality and fi- tational monads [19] and our behaviour functors which nality) homomorphism from the initial to the final ρ- remains to be investigated. In a different direction, we model is both the initial algebra semantics and the final would like to understand the relationship between the coalgebra semantics for ρ. 2 transitional approach considered here and others, such as the the reductional one arising in the λ-calculus and The above, say, universal semantics for ρ is thus term-rewriting in general. a compositional interpretation of the programs which Further developments of the present theory could preserves their behavioural distinctions. In Set, the lead to applications in modular compiler development latter means that two programs with the same univer- technology. Perhaps there will be a useful theory of sal semantics are B-bisimilar. One can easily see that, the combination of operational semantics of different under the additional hypothesis that B preserves weak languages (cf [18]). Again, perhaps one can relate the pullbacks, the converse also holds: two programs have operational semantics of a language with that of its the same universal semantics if and only if they are translation into another target language (cf [26]). B-bisimilar. In other words: Acknowledgements. Thanks to Marcelo Fiore and Corollary 7.4 If B preserves weak pullbacks, the uni- Alex Simpson for discussions. Part of this study is versal semantics associated to some abstract rules ρ is based on the first author’s thesis; he wishes to thank fully abstract with respect to B-bisimulation. 2 Jaco de Bakker and Bart Jacobs for their guidance. Next, recall Definition 4.1: by replacing spans of coalgebra homomorphisms with spans of T -algebra ho- References momorphisms, one has a corresponding notion of T - congruence which specialises to the ordinary notion [1] S. Abramsky. A domain equation for bisimulation. of congruence. Similarly, by considering spans of λ- Information and Computation, 92:161–218, 1991. bialgebra homomorphisms one has a notion of, say, λ- bicongruence and a corresponding category. We can [2] P. Aczel. Non-well-founded sets. Number 14 in ask then whether there exists a final bicongruence for Lecture Notes. CSLI, 1988. a λ-bialgebra. Now, if pullbacks of cospans of carri- ers of B-coalgebras are B-bisimulations, then, by the [3] P. Aczel. Final universes of processes. In Math- universal property of pullbacks, a final B-bisimulation ematical Foundations of Programming Semantics, between two coalgebras exists: it is the pullback of the Proc. 9th Int. Conf., volume 802 of LNCS, pages respective unique coalgebra homomorphisms to the fi- 1–28. Springer-Verlag, 1994. nal coalgebra. This is a T -congruence as well, because [4] P. Aczel and N. Mendler. A final coalgebra the- the forgetful functor U T : T -Alg creates limits. orem. In D.H. Pitt et al., editors, Proc. category Therefore, by definition of final bialgebra:→ C theory and computer science, volume 389 of LNCS, pages 357–365. Springer-Verlag, 1989. Corollary 7.5 If B preserves weak pullbacks, then every λ-bialgebra has a final bicongruence. 2 [5] J.C.M. Baeten and W.P. Weijland. Process Al- gebra. Cambridge University Press, 1990. In particular, the behavioural endofunctor B in (2) pre- serves weak pullbacks, hence the above corollary spe- [6] M. Barr. Terminal coalgebras in well-founded cialises to the well-known fact that (strong) bisimula- set theory. Theoretical Computer Science, tion is a congruence for GSOS and tree rules. 144(2):299–315, 1993. [7] Jon Beck. Distributive laws. In B. Eckmann, ed- [20] A. M. Pitts. Categorical logic. Technical Report itor, Seminar on Triples and Categorical Homo- 367, University of Cambridge Computer Laborat- logy Theory, volume 80 of Lecture Notes in Math- ory, May 1995. ematics, pages 119–140. Springer-Verlag, 1969. [21] G.D. Plotkin. A structural approach to opera- [8] B. Bloom, S. Istrail, and A.R. Meyer. Bisimulation tional semantics. Technical Report DAIMI FN- can’t be traced. Journal of the ACM, 42(1):232– 19, Computer Science Department, Aarhus Uni- 268, jan 1995. A preliminary report appeared in versity, 1981. Proc. 3rd LICS, pages 229-239, 1988. [22] J. Rutten. Processes as terms: non-well-founded [9] J.R.B. Cockett and D.A. Spooner. Categories for models for bisimulation. Mathematical Structures synchrony and asynchrony. Electronic Notes in in Computer Science, 2:257–275, 1992. Theoretical Computer Science, 1, 1995. [23] J. Rutten and D. Turi. Initial algebra and final [10] W. Fokkink. The tyft/tyxt format reduces to tree coalgebra semantics for concurrency. In J. de Bak- rules. In M. Hagiya and J.C. Mitchell, editors, ker et al., editors, Proc. of the REX workshop Proc. TACS94, number 789 in LNCS, pages 440– A Decade of Concurrency – Reflections and Per- 453. Springer-Verlag, 1994. spectives, volume 803 of LNCS, pages 530–582. Springer-Verlag, 1994. [11] W. Fokkink and R. van Glabbeek. Ntyft/ntyxt rules reduce to ntree rules. Information and Com- [24] D. Scott. Outline of a mathematical theory of putation, 126(1):1–10, 1996. computation. In Proc. 4th Annual Princeton Con- ference on Inf. Sciences and Systems, pages 169– [12] J.A. Goguen, J.W. Thatcher, and E.G. Wagner. 176, 1970. An initial algebra approach to the specification, correctness and implementation of abstract data [25] A.K. Simpson. Compositionality via cut- types. In R.T. Yeh, editor, Current Trends in Pro- elimination: Hennessy-Milner logic for an arbit- gramming Methodology, volume IV, pages 80–149. rary GSOS. In Proc. Tenth IEEE Symp. on Logic Prentice Hall, 1978. In Computer Science, 1995.
[13] J.F. Groote and F. Vaandrager. Structured op- [26] C. Stone and R. Harper. A type-theoretic account erational semantics and bisimulation as a congru- of Standard ML 1996. Technical Report CMU-CS- ence. Information and Computation, 100(2):202– 96-136, Computer Science Department, Carnegie- 260, 1992. Mellon University, 1996.
[14] M.C.B. Hennessy and G.D. Plotkin. Full abstrac- [27] R. Street. The formal theory of monads. Journal tion for a simple parallel programming language. of Pure and Applied Algebra, 2:149–168, 1972. In J. Beˇcv´aˇr,editor, Proc. 8th MFCS, volume 74 of LNCS, pages 108–120. Springer-Verlag, 1979. [28] M.E. Sweedler. Hopf Algebras. W.A. Benjamin Inc., New York, 1969. [15] P.T. Johnstone. Adjoint lifting theorems for cat- egories of algebras. Bull. London Math. Soc., [29] D. Turi. Functorial Operational Semantics and 7:294–297, 1975. its Denotational Dual. PhD thesis, Free Uni- versity, Amsterdam, June 1996. Accessible from [16] A. Joyal, M. Nielsen, and G. Winskel. Bisim-