Computational lambda-calculus and monads Eugenio Moggi∗ Lab. for Found. of Comp. Sci. University of Edinburgh EH9 3JZ Edinburgh, UK On leave from Univ. di Pisa Abstract • The logical approach gives a class of possible models for the language. Then the problem is to The λ-calculus is considered an useful mathematical prove that two terms denotes the same object in tool in the study of programming languages. However, all possible models. if one uses βη-conversion to prove equivalence of pro- grams, then a gross simplification1 is introduced. We The operational and denotational approaches give only give a calculus based on a categorical semantics for a theory (the operational equivalence ≈ and the set T h computations, which provides a correct basis for prov- of formulas valid in the intended model respectively), ing equivalence of programs, independent from any and they (especially the operational approach) deal specific computational model. with programming languages on a rather case-by-case basis. On the other hand, the logical approach gives a consequence relation ` (Ax ` A iff the formula A is Introduction true in all models of the set of formulas Ax), which This paper is about logics for reasoning about pro- can deal with different programming languages (e.g. grams, in particular for proving equivalence of pro- functional, imperative, non-deterministic) in a rather grams. Following a consolidated tradition in theoret- uniform way, by simply changing the set of axioms ical computer science we identify programs with the Ax, and possibly extending the language with new closed λ-terms, possibly containing extra constants, constants. Moreover, the relation ` is often semide- corresponding to some features of the programming cidable, so it is possible to give a sound and complete language under consideration. There are three ap- formal system for it, while T h and ≈ are semidecidable proaches to proving equivalence of programs: only in oversimplified cases. We do not take as a starting point for proving equiv- • The operational approach starts from an oper- alence of programs the theory of βη-conversion, which ational semantics, e.g. a partial function map- identifies the denotation of a program (procedure) of ping every program (i.e. closed term) to its result- type A ! B with a total function from A to B, since ing value (if any), which induces a congruence re- this identification wipes out completely behaviours like lation on open terms called operational equiva- non-termination, non-determinism or side-effects, that lence (see e.g. [10]). Then the problem is to prove can be exhibited by real programs. Instead, we pro- that two terms are operationally equivalent. ceed as follows: 1. We take category theory as a general theory of • The denotational approach gives an interpreta- functions and develop on top a categorical se- tion of the (programming) language in a math- mantics of computations based on monads. ematical structure, the intended model. Then the problem is to prove that two terms denote the 2. We consider how the categorical semantics should same object in the intended model. be extended to interpret λ-calculus. ∗Research partially supported by EEC Joint Collaboration At the end we get a formal system, the computational Contract # ST2J-0374-C(EDB). lambda-calculus (λc-calculus for short), for proving 1Programs are identified with total functions from values to equivalence of programs, which is sound and com- values. plete w.r.t. the categorical semantics of computations. 1 : The methodology outlined above is inspired by [13]2, T and µ: T 2 ! T are natural transformations and the and it is followed in [11, 8] to obtain the λp-calculus. following equations hold: The view that \category theory comes, logically, be- • µ ; µ = T (µ ); µ fore the λ-calculus" led us to consider a categorical T A A A A semantics of computations first, rather than to mod- • ηT A; µA = idT A = T (ηA); µA ify directly the rules of βη-conversion to get a correct calculus. A computational model is a monad (T; η; µ) satis- A type theoretic approach to partial functions and fying the mono requirement: ηA is a mono for every computations is attempted in [1] by introducing a type A 2 C. constructor A¯, whose intuitive meaning is the set of There is an alternative description of a monad (see computations of type A. Our categorical semantics is [7]), which is easier to justify computationally. based on a similar idea. Constable and Smith, how- Definition 1.2 A Kleisli triple over C is a triple ever, do not adequately capture the general axioms for ∗ (T; η; ), where T : Obj(C) ! Obj(C), ηA: A ! T A, computations (as we do), since they lack a general no- ∗ tion of model and rely instead on operational, domain- f : T A ! T B for f: A ! T B and the following equa- and recursion-theoretic intuition. tions hold: ∗ • ηA = idT A ∗ 1 A categorical semantics of • ηA; f = f computations • f ∗; g∗ = (f; g∗)∗ ∗ The basic idea behind the semantics of programs de- Every Kleisli triple (T; η; ) corresponds to a monad ∗ scribed below is that a program denotes a morphism (T; η; µ) where T (f: A ! B) = (f; ηB) and µA = ∗ from A (the object of values of type A) to T B (the idT A. object of computations of type B). Intuitively ηA is the inclusion of values into compu- This view of programs corresponds to call-by-value ∗ tations and f is the extension of a function f from parameter passing, but there is an alternative view of values to computations to a function from computa- \programs as functions from computations to compu- tions to computations, which first evaluates a compu- tations" corresponding to call-by-name (see [10]). In tation and then applies f to the resulting value. The any case, the real issue is that the notions of value and equations for Kleisli triples say that programs form computation should not be confused. By taking call- a category, the Kleisli category C , where the set by-value we can stress better the importance of values. T C (A; B) of morphisms from A to B is C(A; T B), the Moreover, call-by-name can be more easily represented T identity over A is ηA and composition of f followed in call-by-value than the other way around. ∗ by g is f; g . Although the mono requirement is very There are many possible choices for T B correspond- natural there are cases in which it seems appropriate ing to different notions of computations, for instance to drop it, for instance: it may not be satisfied by the in the category of sets the set of partial computa- monad of continuations. tions (of type B) is the lifting B + f?g and the set of Before going into more details we consider some ex- non-deterministic computations is the powerset P(B). amples of monads over the category of sets. Rather than focus on specific notions of computations, we will identify the general properties that the object Example 1.3 Non-deterministic computations: T B of computations must have. The basic require- • T ( ) is the covariant powerset functor, i.e. T (A) = ment is that programs should form a category, and P(A) and T (f)(X) is the image of X along f the obvious choice for it is the Kleisli category for a monad. • ηA(a) is the singleton fag Definition 1.1 A monad over a category C is a • µA(X) is the big union [X : triple (T; η; µ), where T : C ! C is a functor, η: IdC ! Computations with side-effects: 2 \I am trying to find out where λ-calculus should come from, • T ( ) is the functor ( × S)S, where S is a and the fact that the notion of a cartesian closed category is a nonempty set of stores. Intuitively a computa- late developing one (Eilenberg & Kelly (1966)), is not relevant to the argument: I shall try to explain in my own words in the tion takes a store and returns a value together next section why we should look to it first". with the modified store. • ηA(a) is (λs: S:ha; si) • On top of the programming language we consider equivalence and existence assertions (see Table 2). • µA(f) is (λs: S:eval(fs)), i.e. the computation that given a store s, first computes the pair Remark 1.4 The let-constructor is very important se- computation-store hf 0; s0i = fs and then returns mantically, since it corresponds to composition in the 00 0 0 the pair value-store ha; s i = f s . Kleisli category CT . While substitution corresponds to composition in C. In the λ-calculus (let x=e in e0) is Continuations: usually treated as syntactic sugar for (λx.e0)e, and this ( ) can be done also in the λ -calculus. However, we think • T ( ) is the functor RR , where R is a nonempty c that this is not the right way to proceed, because it set of results. Intuitively a computation takes a amounts to understanding the let-constructor, which continuation and returns a result. makes sense in any computational model, in terms of A • ηA(a) is (λk: R :ka) constructors that make sense only in λc-models. On the other hand, (let x=e in e0) cannot be reduced to A RA 0 • µA(f) is (λk: R :f(λh: R :hk)) the more basic substitution (i.e. e [x: = e]) without collapsing CT to C. One can verify for himself that other notions of compu- The existence assertion e # means that e denotes a tation (e.g.