Categorical Liveness Checking by Corecursive Algebras

Home , Least fixed point

arXiv:1704.04872v1 [cs.LO] 17 Apr 2017 ahde o ee otestates the to refer not does path and rbes(..[] 2,[].Awl-nw ehdi h one the is method well-known A [3]). [2], [1], (e.g. problems x srahbeb h path the by reachable is eoi lyr h nwrt h ecaiiypolmis problem reachability if the matter to no yes: answer again The player. demonic hcigpolm—sstefloig De hr xs a state exist initial there the “Does from following: path the problems—asks liven of checking example typical problem—a reachability The event. an yaglcaddmncpaes h gr 2 lutae an illustrates state (2) figure the The At players. example. demonic and angelic by ytma ntefiue() Here (1). figure the in as transition a system given are we that suppose ple, o,weetenx tt scoe oaodago state. good a avoid a to as modeled chosen be is can state system a next Such the where too, tt oeetal ec odstate. good contain often a systems real-world reach However, eventually to state an in controlled gelic is system the that fcagbacsmlto suidpeiul yteautho combinat the algebra suitable by previously a corecursive (studied in simulation answer coalgebraic an of find We ones). and probabilistic settings) nondeterministic for namely axiomatizat liveness, (in methods categorical for methods a proof proof seek well-known categorical we towards Concretely, coalgebras. step a least focus make have we therein Here studied Some coalgebras. methods of on proof theory the most in role analogously, central a play points” oehn go”eetal cus hl aeymastha occurs. means never safety “bad” while anything occurs, eventually “good” mean something Liveness specifications. c fixed-point more alternating of plex verification underlines that problem prototypical Backgrounds A. 2 ueosmtosaekonfrsc ieeschecking liveness such for known are methods Numerous nteeapeaoe eassumed we above, example the In Functions: Ranking 1) Abstract eicto flvns,mc ieta fsft,i a is safety, of that like much liveness, of Verification h nei lyrcnfrereaching force can player angelic the , accepting greatest → xdpitpoete vrdnmclssesmdldas modeled systems dynamical over properties fixed-point anr ecncos h next the choose can we manner: x 4 — et optrSine h nvriyo oy,Japan Tokyo, of University The Science, Computer Dept. → xdpitpoete iesft n bisimilarity. and safety like properties fixed-point ia coalgebras Final tt htrpeet good a represents that state x 5 → { sacasfirfr(non-)well-foundedness. for classifier a as rbntui qnighy urabenatsuki, x .I I. ask Urabe Natsuki 3 → x x 3 → NTRODUCTION 2 aeoia ieesChecking Liveness Categorical x or ∗ x sa exam- an As h etmv scoe ythe by chosen is move next the 1 x SSRsac Fellow Research JSPS 0 ). 0 x to → s“aeoia raetfixed greatest “categorical as 4 x scoe stescesrof successor the as chosen is x x yCrcrieAlgebras Corecursive by akn supermartingales ranking 4 1 2 x ”Tease syes: is answer The ?” an- and → 1 ∗ w-lyrgame two-player x is } 3 x @is.s.u-tokyo.ac.jp aaiHara Masaki → 5 x demonic . x x / 1 ÈÉ x x / ✉ 0 1 ÈÉ x ✉ 0 1 akn functions ranking o (by 1 o oeta the that Note . x x / ÈÉ x x / → O 2 3 ÈÉ ÈÉ O 2 3 o branching, o x 3 x x / ÈÉ ÈÉ s and rs) x x / played O 4 5 ÈÉ ÈÉ o of ion → O 4 5 that s what om- ess ion (2) (1) (in x x ed 1 1 t eoi lyr ehave we player, demonic onstenme fsesfrom steps of number the bounds state eadeso h eoi lyrscoc,teaglcplay angelic the path choice, a player’s construct can demonic the of regardless farnigfunction ranking a of b o xml,i h w-lyrgm n() h akn func- ranking the (2), in game two-player tion in the impossible in is example, chain descending For infinite an and reached; is nue that ensures h tt space state the h olwn odtos i o ahnnacpigstate non-accepting each for (i) conditions: following the sn a using h nei lyr hr xssascesrstate successor a exists there player, angelic the nacpigsae h elfuddesof have well-foundedness we The state. accepting an ucini yial enda function a as defined typically is function h ubro tp from steps of number the gales namely systems, probabilistic for known ahta osntvstayacpigsaea l (namely all at state accepting any visit not does → that path a 1 gr 3.I h lotsr ecaiiypolm ewant state we accepting problem, the reachability if almost-sure know the to In (3). figure osdrthe consider akn uemrigl safunction a is supermartingale ranking b rbblsi ytm.Atpcleapeis example typical the A systems. for also probabilistic problems checking liveness consider ε ahstate each h tt space state the elnmes htstse h olwn condition. following the satisfies that numbers, real Here ytmmksatasto from transition a makes system ∀ ( ′ ntePSi 3,tease sys huhteeexists there though yes, is answer the (3), in PTS the In . x fe rniin h xsec farnigsupermarting ranking a of existence The transition. a after x oinaaoost hto akn ucini also is function ranking of that to analogous notion A )RnigSupermartingales: Ranking 2) uhthat such x ) ∈ lotsr ecaiiyproblem reachability almost-sure 0 b ≥ y Prob( X 5,[] o xdpstv real positive fixed a For [6]. [5], → [ = ′ b akn function ranking ( \ of b x x x ( x Acc 0 ′ x 0 )+1 x x ∈ y i · · · → ainlIsiueo nomtc,Japan Informatics, of Institute National 7→ ) b rbblsi rniinsystem transition probabilistic ti nw that known is It . 1 → b . ′ X b > ( srahbefrom reachable is X x X 5 n i)frec o-cetn state non-accepting each for (ii) and ; h xetdvleof value expected the , ) ′ x x , ( ( ′ oteset the to u hsocr ihprobability with occurs this but , x oteset the to ) x < 1 x ) i eoe h rbblt ihwihthe which with probability the denotes +1 7→ = ≥ ∞ b [email protected] ) x 4.Fratopae ae ranking a game, two-player a For [4]. 0 cioHasuo Ichiro b uhthat such 0 o each for x , mle htteepce au of value expected the that implies ( P → y x 2 ) [0 x N x 7→ ′ ≥ oa cetn tt sfinite is state accepting an to x , ∈ 1 ∞ ∞ 1 X x ··· · →· x b 4 soundness 0 ( x srahdwt probability with reached is ] Prob( x , = i to y nutvl,tevalue the Intuitively, . n can One fetne non-negative extended of b ′ oa cetn state. accepting an to eoea cetn state accepting an before 1 + ) 3 e us let : ( N x x b 7→ hteetal reaches eventually that b ′ ) > ε ′ hsmasta for that means This . {∞} ∪ ′ akn supermartin- ranking x : erae ya least at by decreases < 1 b → X o ahsuccessor each for x , : 0 N ∞ od:existence holds: x PS si the in as (PTS) X n( an , → 4 ′ scuilhere: crucial is ) htsatisfies that , 7→ → mle that, implies · 2 1 [0 x b ′ 3 ε , ′ ; N ÈÉ ( ∞ -additive) ✉ x , O O uhthat such 0 x x 2 1 ∞ x y ). ′ 0 ] 5 1 ) from , from , fthe of 7→ b x + ( ale (3) N x of 2] er ε ) . functor F c : X → F X represents ( )Σ × {0, 1} deterministic automaton coalgebra-algebra homomorphism (|c|)r (see the diagram). P2( ) × {0, 1} two-player game Corecursive algebras have been previously used to describe D( ) × {0, 1} probabilistic transition system (PTS) general structured corecursion [13] (see also Rem. II.17). Our Fig. 1. Coalgebraic representations of transition systems. Here P and D use of them in this paper seems novel: r being corecursive denote the powerset and the distribution functors respectively (Def. II.15). means that the function Φc,r : f 7→ r◦Ff ◦c has a unique fixed point; in particular its least and greatest fixed points coincide1; (specifically it is no bigger than b′(x)/ε). From this it easily we find this feature of corecursive algebras suited for their use follows that an accepting state is visited almost surely. as categorical “classifiers” for (non-)well-foundedness. 3) Coalgebras and Algebras: This paper aims to under- 2) Modalities and Least Fixed-Point Properties: Liveness stand, in the categorical terms of (co)algebra, essences of properties such as reachability and termination are all instances liveness checking methods like ranking functions and ranking of least fixed-point properties: once a proper modality ♥σ is supermartingales. Coalgebras are commonly used for mod- fixed, the property in question is described by a least fixed- eling state-based dynamics in the categorical language (see point formula µu. ♥σu. The way we categorically formulate e.g. [7], [8]). Formally, for an endofunctor F over a category these constructs, as shown below, is nowadays standard (see C, an F -coalgebra is an arrow c of the type c : X → FX. e.g. [17], [18]). As the base category C we use Sets in this We can regard X as a state space, F as a specification paper (although extensions e.g. to Meas would not be hard). of the branching type, and c : X → FX as a transition • We fix a domain Ω ∈ C of truth values (e.g. Ω= {0, 1}), function. By changing the functor F we can represent various and a property over X ∈ C is an arrow u: X → Ω. kinds of transition types (see Fig. 1). It is also known that, • A (state-based, dynamical) system is a coalgebra c: X → using coalgebras, we can generalize various automata-theoretic FX for a suitable functor F : C → C. 2 notions and techniques (such as behavioral equivalence [9], • A modality ♥σ is interpreted as an F -algebra σ : F Ω → bisimulation [10] and simulation [11]) to various systems (e.g. Ω over Ω (see Example III.4 and Prop. IV.2 for examples). nondeterministic, probabilistic, and weighted ones). • Assuming some syntax is given, we should be able to A dual notion, i.e. an arrow of type a : FX → X, is known derive the interpretation ♥σϕ c of a modal formula from as an F -algebra. In this paper, it is used to capture properties ϕ c. In the current (purelyJ semantical)K framework this (or predicates) over a system represented as a coalgebra. JgoesK as follows. Given a property u: X → Ω, we define the property Φc,σ(u): X → Ω by the composite B. Contributions c F u σ We contribute a categorical axiomatization of “ranking Φc,σ(u) = X → FX → F Ω → Ω . functions” that is behind the well-known methods that we have • Assuming a suitable order structure ⊑ on Ω and ad- corecursive algebras Ω sketched. It combines: as value domains ditional monotonicity requirements, the correspondence (that are, like N , suited to detect well-foundedness) and lax ∞ Φ : ΩX → ΩX has the least fixed point. It is denoted homomorphisms (like in coalgebraic simulations [11], [12]). c,σ by µσ : X → Ω; intuitively it is the interpretation Based on the axiomatization we develop a general theory; our c µu.J♥σKu c of the formula µu. ♥σu in the system c. main result is soundness, i.e. that existence of a categorical J K ranking function indeed witnesses liveness (identified with Concrete examples are in §III-B. Another standard categorical modeling of a modality (see e.g. [19]) is by a predicate lifting, a least fixed-point property). We also exploit our general X F X theory and derive two new notions of “ranking functions” as i.e. a natural transformation σX : Ω ⇒ Ω . It corresponds instances. The two concrete definitions are new to the best of to our modeling via the Yoneda lemma; see e.g. [17]. F JµσKc our knowledge. 3) Ranking Functions, Categorically: F X / F Ω (4) Our modeling is summarized on the right: O We shall now briefly sketch our general theory, illustrating c =µ σ key notions and the backgrounds from which we derive them. the liveness property µσ c in question is X / Ω J K JµσKc 1) Corecursive Algebras for (Non-)Well-Foundedness: In the least arrow (with respect to the order on ) that makes the square commute (note the subscript ). the (conventional) definition of a ranking function b : X → Ω =µ The liveness checking problem is then formulated as fol- N∞, well-foundedness of N = N∞ \ {∞} plays an important role as it ensures that no path can continue infinitely lows: given an arrow h: X → Ω, we would like to decide if (without hitting an accepting state). Similarly, for a ranking 1Examples abound in computer science—especially in domain theory— supermartingale, it is crucial that [0, ∞) = [0, ∞]\{∞} has no where similar coincidences play important roles. They include: limit-colimit infinite sequence that decreases everywhere at least by ε> 0. coincidence [14] and initial algebra-final coalgebra coincidence [15], [16]. In unifying the two notions, we need to categorically capture 2 We use the same functor F for coalgebras (systems) and algebras (modalities). This characterization is used in [17], [18] and also found in well-foundedness. many coalgebraic modal logic papers (e.g. [19]). However, for some examples, F (|c|)r Our answer comprises suitable use of core- F X ❴❴ / F R it comes more natural to use functors F and G together with a natural O transformation α F ⇒ G, and to model a system and a modality as cursive algebras [13]. An F -algebra r : c = r : (|c|)r c : X → FX and σ : GΩ → Ω respectively. This modeling induces F R → R is said to be corecursive if from / αΩ σ X ❴❴❴ R our current one as σ and α together induce an F -algebra F Ω → GΩ → Ω an arbitrary coalgebra c : X → FX there exists a unique (cf. §L).

2 h ⊑Ω µσ c holds. Here ⊑Ω denotes the pointwise extension the ordinary order ≤ over R to [0, ∞] by regarding ∞ as the of theJ orderK on Ω. For example, let’s say we want to check greatest element. We write N∞ for N ∪ {∞}. For a function the assertion that a specific state x0 ∈ X satisfies the liveness ϕ : X → [0, 1], its support {x ∈ X | ϕ(x) > 0} is denoted property µσ c. In this case we would define the above by supp(ϕ). “assertion”J h:KX → Ω, where Ω= {0 ⊑Ω 1}, by: h(x0)=1 and h(x)=0 for all x 6= x0. A. Two-player Games and Ranking Functions Our categorical framework F X / F R / F Ω Our two-player games are played by an angelic player max of ranking function-based ver- O F b F q c r ⊑ σ ⊑ and a demonic player min. ification goes as follows. b q X / R / Ω (5) • We fix a ranking do- ⊒ ; Definition II.1 (two-player game). A (two-player) game struc- h main—the value domain ture is a triple G = (Xmax,Xmin, τ) of a set Xmax of states for ranking functions—to be an algebra r : F R → R of the player max, a set Xmin of states of the player min, and together with a lax homomorphism q : R → Ω (from r a transition relation τ ⊆ Xmax × Xmin ∪ Xmin × Xmax. to σ, in the right square in (5)). The latter q identifies A strategy of the player max is a partial function α : ∗ r : F R → R as a “refinement” of the modality σ : F Ω → Xmax×(Xmin×Xmax) ⇀Xmin such that for each x0y1x1 ... ∗ Ω. A crucial requirement is that r is corecursive, making ynxn ∈ Xmax × (Xmin × Xmax) , if α(x0y1x1 ...ynxn) is it suited for detecting well-foundedness. defined then (xn, α(x0y1x1 ...ynxn)) ∈ τ. A strategy of the ∗ player min is a partial function β : Xmax ×(Xmin ×Xmax) × • A (categorical) ranking arrow for a coalgebra c: X → X ⇀ X such that for each x y x ...y x y ∈ FX is then defined to be a lax homomorphism b: X → min max 0 1 1 n−1 n−1 n X ×(X ×X )∗×X , if β(x y x ...y x y ) R, in the sense shown in the left square in (5). max min max min 0 1 1 n−1 n−1 n is defined then (yn,β(x0y1x1 ...yn−1xn−1yn)) ∈ τ. • Our soundness theorem says: given an assertion h: X → For x ∈ Xmax and a pair of strategies α and β of the players Ω, in order to establish h ⊑ µσ c, it suffices to find a max and min, respectively, the run induced by α and β from ranking arrow b: X → R suchJ thatK h ⊑ q ◦ b (see (5)) . α,β,x x is a possibly infinite sequence ρ = x0y1x1y2x2 ... that This way the problem of verifying a least fixed-point prop- is an element of the set erty is reduced to finding a witness b. Note that the requirement ∗ on the ranking arrow b—namely b ⊑ r ◦ Fb ◦ c—is local (it (Xmax × (Xmin × Xmax) × {⊥max}) ∗ only involves one-step transitions) and hence easy to check. ∪ (Xmax × (Xmin × Xmax) × Xmin × {⊥min}) ω Our main technical contribution is a proof for soundness. ∪ (Xmax × Xmin) There we argue in terms of inequalities between arrows— and is inductively defined as follows: for n =0, x = x; and much like in [11], [12]—relying on fundamental order- 0 for n> 0, theoretic results on fixed points (Knaster–Tarski and Cousot–

Cousot, see §II-D). Corecursiveness of r is crucial there. ⊥max (α(x0y1x1 ...yn−1xn−1) is undefined) yn = 4) Concrete Examples: Ranking functions for two-player α(x0y1x1 ...yn−1xn−1) (otherwise), and games (§I-A) are easily seen to be an instance of our categor- ⊥min (β(x0y1x1 ...xn−1yn) is undefined) xn = ical notion, for suitable F, Ω and R. β(x0y1x1 ...xn−1yn) (otherwise) . Our second example in §I-A—additive ranking supermartingales in the probabilistic setting—is itself not an example, The symbol ⊥max (resp. ⊥min) represents the end of the run however. Analyzing its reason we are led to a few variations of at max’s (resp. min’s) turn: it means the player got stuck. the definition, among which some seem new. We discuss these Once an initial state x and strategies α and β of the players variations: their relationship, advantages and disadvantages. max and min are fixed, a run ρα,β,x is determined. There are different ways to determine the “winner” of a run, including: C. Organization of this Paper max wins if min gets stuck; max wins if he does not get In §II we introduce preliminaries on: our running examples stuck; max wins if some specified states are visited infinitely (two-player games and PTSs); liveness checking methods for many times (the Buchi¨ condition), etc. In this paper where them; (co)algebras; and least and greatest fixed points. Our we focus on liveness, we choose the following (rather simple) main contribution is in §III, where our categorical develop- winning condition: the player max wins if an accepting state is ments are accompanied (for illustration) by concrete examples reached or the player min gets stuck. Studies of more complex from two-player games. The entailments of our general frame- conditions (like the Büchi condition) are left as future work. work in the probabilistic setting are described in §IV. Finally in §V we conclude. Definition II.2 (reaching set). Let G = (Xmax,Xmin, τ) be a Some details and proofs are deferred to the appendices. two-player game structure. We fix a set Acc ⊆ Xmax of ac- α,β,x cepting states. A run ρ = x0y1x1 ... on (Xmax,Xmin, τ) II. PRELIMINARIES is winning with respect to Acc for the player max if

In this paper [0, ∞) and [0, ∞] denote the sets {a ∈ R | • xn ∈ Acc for some n; or α,β,x a ≥ 0} and {a ∈ R | a ≥ 0}∪{∞} respectively. We extend • ρ is a ﬁnite sequence whose last letter is ⊥min .

3 We define the reaching set ReachG,Acc ⊆ Xmax by: Then it is a positional strategy such that for each strategy β of min, the run ρα,β,x is winning wrt. Acc for max. ∃α : strategy of max.   ∀β : strategy of min. ReachG,Acc = x ∈ X  . (6) B. Probabilistic Transition Systems and Ranking Supermartin- α,β,x ρ is winning wrt. Acc gales   Definition II.8 (PTS). A probabilistic transition system (PTS) Example II.3. We define a game struc- ✉x2 y3 I ✰U E is a pair M = (X, τ) of a set X and a transition function τ : ✓ ✰ x3 ☞ ture G = (Xmax,Xmin, τ) by Xmax = ✰ ÈÉ ☞ ÈÉ x4 ✓✓ ✰ W G X → DX. Here DX = {d : X → [0, 1] | x∈X d(x)=1} ✓ 0 1 ✴ {x0, x1, x2, x3, x4}, Xmin = {y0,y1,y2, U y I iy ✴✴ ✎✎ is the set of probability distributions over X. ✰ ✎ 2 and ✰ ✓ O y P y3} τ = {(x0,y0), (x0,y1), (x1,y1), ✰✰ ✓✓ ÈÉ ✓ x0 ) ÈÉ x1 Definition II.9 (reachability probability). Let M = (X, τ) be (x1,y2), (x3,y3), (y0, x2), (y1, x1), (y1, x2), a PTS. We fix a set Acc ⊆ X of accepting states. For each (y2, x3), (y2, x4)}. Let Acc = {x2}. The situation is shown on x ∈ X and n ∈ N, we define a value f (x) ∈ [0, 1] by: the right. Then the reaching set is ReachG,Acc = {x0, x2, x3}. n

Ranking functions. Suppose that we are given a game fn(x)= structure G = (Xmax,Xmin, τ) and a set Acc ⊆ Xmax of k−1 k ≤ n − 1,x0,...,xk ∈ X, accepting states, and want to prove that a state x is included in τ(x )(x ) x0 = x,xi ∈/ Acc (∀i ∈ [0,k − 1]), .  i i+1  ReachG,Acc.A ranking function is a standard proof method in i=0 and xk ∈ Acc X Y  such a setting. There are variations in the definition of ranking Note that if x ∈ Acc then f (x) = 1. As the sequence function [4], [20], [21]: in this paper we use the following.  n  is increasing for each , we can define a fn(x) n∈N x ∈ X Definition II.4 (ranking function). Let G = (Xmax,Xmin, τ) function f : X → [0, 1] by: be a game structure and Acc ⊆ Xmax. We fix an ordinal z and let Ord≤z = {n | n ≤ z} be the set of ordinals smaller f(x) = lim fn(x) . n→∞ than or equal to z. A function b : Xmax → Ord≤z is called a ranking function (for G and Acc) if it satisfies The function f is called the reachability probability function with respect to M and Acc, and is denoted by ReachM,Acc. ′ miny : (x,y)∈τ supx′ : (y,x′)∈τ b(x ) +1 ≤ b(x) Here the value fn(x) ∈ [0, 1] is the probability with which ′ ′ an accepting state is reached within n steps from x. for each x ∈ Xmax\Acc, where b(x ) + 1b = min{b(x )+1, z} denotes addition truncated at z. Example II.10. We define a PTS M = ✉ x2 O c 1 b (X, τ) by X = {x0, x1, x2, x3}, and 1 1 1 The following well-known theorem states soundness, i.e. 1 1 2 2 2 τ(x0) = [x1 7→ 2 , x3 7→ 2 ], τ(x1) = ÈÉ ÈÉ that a ranking function witnesses reachability. 1 1 ; Zx1 x3 D c [x1 7→ , x2 7→ ], τ(x2) = [x2 7→ 1], ✻✻ 2 2 1 ✻ ✟✟1 2 ✻ ✟ 2 Theorem II.5 (soundness, see e.g. [4]). Let z be an ordinal, and τ(x3) = [x3 7→ 1]. Let Acc = ÈÉ ✟ and let b : X → Ord≤z be a ranking function for G and Acc. {x2}. The situation is as shown on the x0 1 Then b(x) < z (i.e. b(x) 6= z) implies x ∈ ReachG,Acc. right. Then ReachM,Acc : X → [0, 1] assigns 2 to x0, 1 to x1 and x , and 0 to x . Example II.6. For the game in Example II.3, let z = ω and 2 3 Let us consider the almost-sure reachability problem for define a function b : X → Ord≤z by b(x0)=1, b(x2)=0 PTS. Given a PTS M = (X, τ), a set Acc ⊆ X of accepting and b(x1)= b(x3)= b(x4)= ω. Then b is a ranking function. states and an (initial) state x ∈ X, we want to prove that Hence by Thm. II.5, we have x0 ∈ ReachG,Acc. ReachM,Acc(x)=1. For this problem, a ranking function-like Completeness (the converse of Thm. II.5) does not hold. A notion called ranking supermartingale [5] is known. There are counterexample is given later in Example III.17. several variations in its definition. We follow the definition ∗ in [6]; a variation can be found in [23]. Remark II.7. A strategy α : Xmax × (Xmin × Xmax) ⇀ Xmin is said to be positional if its outcome depends only Definition II.11 (ε-additive ranking supermartingale). Let ′ on the last state of the input, i.e. xn = xn′ implies M = (X, τ) be a PTS and Acc ⊆ X be the set of accepting ′ ′ ′ ′ ′ α(x0y1 ...ynxn) = α(x0y1 ...yn′ xn′ ) . It is known that a states. Let ε> 0 be a real number. A function b : X → [0, ∞] positional strategy suffices as long as we consider reach- is an ε-additive ranking supermartingale (for M and Acc) if ing sets, i.e. the set ReachG,Acc in Def. II.2 is unchanged ′ ′ ′ ′ if we replace “∃α : strategy of max” in (6) with “∃α : x′∈supp(τ(x)) τ(x)(x ) · b (x ) + ε ≤ b (x) positional strategy of max” (see e.g. [22]). holds for P each x ∈ X \ Acc. A ranking function allows us to synthesize such a positional ′ strategy. Let x ∈ Xmax and b : Xmax → Ord≤z be a ranking Intuitively an ε-additive ranking supermartingale b bounds the function s.t. b(x) < ∞. We define a strategy α for max by expected number of steps to accepting states: specifically it is no bigger than b′(x)/ε. ′ ′ ′ α(x0y1 ...ynxn) = arg miny : (xn,y)∈τ supx : (y,x )∈τ b(x ) .

4 Theorem II.12 ([6]). Let b′ : X → [0, ∞] be an ε-additive inverse image diagrams, recursive coalgebras—the categori- ranking supermartingale for M and Acc. Then b′(x) < ∞ cal dual of corecursive algebras used for general structured implies ReachM,Acc(x)=1. recursion in [25]—are known to coincide with well-founded coalgebras [26], where well-foundedness is categorically mod- Example II.13. For the PTS in Example II.10, we define b′ : eled in terms of “inductive components.” For more general X → [0, ∞] by b′(x ) = ∞, b′(x )=2, b′(x )=0 and 0 1 2 categories, it is known that if a functor preserves monos then b′(x )= ∞. Then b′ is a 1-additive ranking supermartingale. 3 well-foundedness implies recursiveness, but its converse does Hence by Thm. II.12, we have Reach (x )=1. M,Acc 1 not necessarily hold [27]. The dual of this result, between C. Categorical Preliminaries corecursive and anti-founded algebras, is pursued in [13] but with limited success. We assume that readers are familiar with basic categorical In [28] the notion of co-founded part of an algebra is notions. For more details, see e.g. [24], [7]. introduced, with a main theorem that the co-founded part of an Definition II.14 ((co)algebra). Let F : C → C be an injectively structured corecursive algebra carries a final coal- endofunctor on a category C. An F -coalgebra is a pair (X,c) gebra. The result is used for characterizing a final coalgebra as of an object X in C and an arrow c of the type c : X → FX. that of suitable modal formulas. Despite its name, co-founded An F -algebra is a pair (A, a) of an object A in C and an parts have little to do with our current view of corecursive arrow a of the type a : F A → A. algebras here as well-foundedness classifiers. Discussions on other works on corecursive algebra are found In this paper we exclusively use the category Sets of sets in §L in the appendix. and functions as the base category C (although extensions Meas e.g. to would not be hard). We would be interested D. Verification of Least/Greatest Fixed-Point Properties in endofunctors composed by the following. The following results are fundamental in the studies of Definition II.15 (P, D and ( ) × C). The powerset functor fixed-point specifications. P : Sets → Sets is such that: Theorem II.18. Let L be a complete lattice, and f : L → L • for each X ∈ Sets, PX = {A ⊆ X}; and be a monotone function. • for each f : X → Y and A ∈PX, (Pf)(A)= {y ∈ Y | ∃x ∈ A. f(x)= y}. 1) (Knaster–Tarski) The set of prefixed points (i.e. those The (discrete) distribution functor D : Sets → Sets is: l ∈ L such that f(l) ⊑ l) forms a complete lattice. Moreover its least element is (not only a prefixed but) a • for each X ∈ Sets, DX = {d : X → [0, 1] | fixed point, that is, the least fixed point µf. d(x)=1}; and x∈X 2) (Cousot–Cousot [29]) Consider the (transfinite) se- • for each f : X → Y , δ ∈ DX and y ∈ Y , (Df)(δ)(y)= a P quence ⊥ ⊑ f(⊥) ⊑ ··· ⊑ f (⊥) ⊑ · · · where, for x∈f −1(y) δ(x). a b a limit ordinal a, we define f (⊥)= b