This paper introduces a framework of quantitative logics to analyze the behavioral equivalence of effectful programs, extending traditional notions to include probabilistic and nondeterministic effects.
Contribution
It develops a new approach using quantitative modalities to characterize program equivalence, connecting it to Abramsky's applicative bisimilarity and ensuring congruence.
Findings
01
Quantitative modalities can characterize program equivalence.
02
Equivalence aligns with Abramsky's applicative bisimilarity.
03
Results apply to nondeterministic, probabilistic, and store effects.
Abstract
In order to reason about effects, we can define quantitative formulas to describe behavioural aspects of effectful programs. These formulas can for example express probabilities that (or sets of correct starting states for which) a program satisfies a property. Fundamental to this approach is the notion of quantitative modality, which is used to lift a property on values to a property on computations. Taking all formulas together, we say that two terms are equivalent if they satisfy all formulas to the same quantitative degree. Under sufficient conditions on the quantitative modalities, this equivalence is equal to a notion of Abramsky's applicative bisimilarity, and is moreover a congruence. We investigate these results in the context of Levy's call-by-push-value with general recursion and algebraic effects. In particular, the results apply to (combinations of) nondeterministic choice,…
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Full text
Quantitative Logics for Equivalence of Effectful Programs
Niels Voorneveld111Email:
[email protected]
222This material is based upon work supported by the Air Force Office of Scientific Research under award number FA9550-17-1-0326.
This project has received funding from the European Union’s Horizon 2020 research and innovation
programme under the Marie Skłodowska-Curie grant agreement No 731143.
University of Ljubljana
Ljubljana, Slovenia
Abstract
In order to reason about effects, we can define quantitative formulas to describe behavioural aspects of effectful programs. These formulas can for example express probabilities that (or sets of correct starting states for which) a program satisfies a property.
Fundamental to this approach is the notion of quantitative modality, which is used to lift a property on values to a property on computations.
Taking all formulas together, we say that two terms are equivalent if they satisfy all formulas to the same quantitative degree.
Under sufficient conditions on the quantitative modalities, this equivalence is equal to a notion of Abramsky’s applicative bisimilarity, and is moreover a congruence.
We investigate these results in the context of Levy’s call-by-push-value with general recursion and algebraic effects.
In particular, the results apply to (combinations of) nondeterministic choice, probabilistic choice, and global store.
1 Introduction
There are many notions of program equivalence for languages with effects.
In this paper, we explore the notion of behavioural equivalence, which states that programs may be considered behaviourally equivalent if they satisfy the same behavioural properties.
This can be made rigorous by defining a logic, where each formula ϕ denotes a certain behavioural property.
We write (P…⊨ϕ) to express the satisfaction of formula ϕ by term P…, which is usually given by a Boolean truth value (true or false).
Two terms P… and R… are said to be behaviourally equivalent if they satisfy the same formulas.
Such an approach is taken in for example [9].
In particular, we use this method to define equivalence for a language with algebraic effects in the sense of Plotkin and Power [26]. Effects can be seen as aspects of computation which involves interaction with the world ‘outside’ the environment in which the program runs. They include: exceptions, nondeterminism, probabilistic choice, global store, input/output, cost, etc. The examples given have common ground in the work of Moggi [21], and can moreover be expressed by specific effect triggering operations making them ‘algebraic’ in nature.
In the presence of such algebraic effects, computation terms need not simply reduce to a single terminal term (that is a value), they may also invoke effects on the way. Following [26, 13], we consider a computation term to evaluate to an effect tree, whose nodes are effect operators and leaves are terminal terms. The paper [28] introduced modalities that lift boolean properties of values to boolean properties of the trees modelling their computations.
See [23, 22, 27] for alternative ways in which logics can be used to describe properties of effects.
The use of a Boolean logic does however not readily adapt to several examples of effects, for example the combination of probability and nondeterminism.
The literature on compositional program verification shows the usefulness of quantitative (e.g. real-number valued) program logics for verifying programs with probabilistic behaviour, possibly in combination with nondeterminism [14, 20].
The paper [28] develops a general Boolean-valued framework which, although featuring many examples, does not apply to the combination of probability and nondeterminism.
This paper provides a general framework for quantitative logics for expressing behavioural properties of programs with effects, generalising the Boolean-valued framework from [28].
We consider a quantitative (quantity-valued) satisfaction relation ‘⊨’, where (P…⊨ϕ) is given by an element from a quantitative truth space A (a degree of satisfaction).
This allows us to ask open questions about programs, like “What is the probability that …” or “What are the correct global starting states for …”.
We define equivalence by stating that programs P… and R… are equivalent, if for any formula ϕ we have (P…⊨ϕ)=(R…⊨ϕ) (P… satisfies ϕ precisely as much as R… does).
A key feature of the logic is the use of quantitative modalities to lift quantitative properties on value types to quantitative properties on computation types.
As in [28], we are able to establish that the behavioural equivalence defined as above is a congruence, as long as suitable properties on the quantitative modalities are satisfied. These properties require notions of monotonicity, continuity, and a notion of preservation over sequencing called decomposability. As in [28], the congruence is established by proving that given one of the properties (leaf-monotonicity), our behavioural equivalence is equal to an effect-sensitive
notion of Abramsky’s applicative bisimilarity [1, 3]. Given further properties on the modalities, this relation can be proven to be compatible using Howe’s method [11].
The main contribution of this paper is the generalisation of [28], and the corresponding generalised results.
This goes through smoothly, though there are some subtleties like what to take as primitive in a quantitative setting. In particular, we will see the necessity of a threshold operation.
The other main contributions are the examples illustrating the quantitative approach.
Some examples such as the combination of nondeterminism with probabilistic choice, or with global store, do not fit into the Boolean-valued framework of [28], but do work here333The combination of global store and nondeterminism is possible in the framework of [28], of one only considers angelic (helpful) nondeterminism. The problem is with general (neutral) or demonic (antagonistic) nondeterminism, combined with global store.. But there are also examples, such as probability, global store, and cost, whose treatment is more natural in our quantitative setting, even though they also fit in the framework of [28].
As a vehicle of our investigation we use Levy’s call-by-push-value (CBPV) [17, 16], together with general recursion and the aforementioned algebraic effects. As such, it generalises [28] in a second way by using call-by-push-value to incorporate both call-by-name (CBN) and call-by-value (CBV) evaluation strategies. This is significant, since once either divergence or effects are present, the distinction between the reduction strategies becomes vital.
For example, if we take some probabilistic choice por signifying a fair coin flip, we have that ‘por(λx.0,λx.1)≡λx.por(0,1)’ holds in CBN, but not in CBV.
So it is interesting to consider CBPV, as it expresses both these behaviours.
The distinction is expressed in the difference between production-types FA
where one explicitly observes effects, and types like A→C
where the observation of effects is postponed to a later moment.
As such, this language is an ideal backdrop for studying effects.
In Section 2 we give the operational semantics of the language, starting with the effect-free version and working towards our treatment of algebraic effects. In Section 3 we present our quantitative logic, introducing quantitative modalities to deal with the observation of effects. In Section 4 we look at the resulting behavioural equivalence and the properties that establish the congruence property (or compatibility in its technical form). In Section 5 we relate this equivalence to applicative (bi)similarities by defining a relator using our modalities. This then allows us to adapt a Howe’s method proof of compatibility from [3, 28] for this equivalence. We finish in Section 6 with some discussions.
2 Operational semantics
We use a simply-typed call-by-push-value functional language as in [16, 17], together with general recursion and a ground type for natural numbers, making it a call-by-push-value variant of PCF [24]. To this, we add algebraic-effect-triggering operators in the sense of Plotkin and Power [26]. We first focus on the effect-free part of the language, as we want to consider effects independently of the underlying language.
2.1 The language
We give a brief overview of the language and its semantics. The types are divided into two flavours, Value types and Computation types. Value types contain value terms that are passive, they don’t compute anything on their own. Computation types contain computation terms which are active, which means they either return something to or ask something of the environment.
Value types A,B and computation types C,D are given by:
[TABLE]
where I is any finite indexing set. By asserting finiteness of I in the case of product types, the number of program terms is kept countable (a property which will have benefits later on in the formulation of the logic).
The type UC is a thunk type, which consists of terms which are frozen. These terms were initially computation terms but are made inactive by packaging them into a thunk.
The type N is the type of natural numbers, containing the non-negative integers. With this type, we can program any computable function on the natural numbers as in PCF [24].
The type FA is a producer type, which actively evaluates and returns values of type A to the current environment. As was stated, this is the type at which we can observe effects.
The type A→C is a type of functions, which is a computation type since its terms are actively awaiting input.
We have a countably-infinite collection of term variables x, and term contexts: Γ::=∅∣Γ,x:A.
Note that contexts only contain Value types, meaning that like in call-by-value, we can only ever substitute value terms. This is no loss of generality, as we can simulate substituting computation terms by packaging them into a thunk.
The terms of the language are as follows:
[TABLE]
We underline terms (M) and types (C) when they are computation terms and computation types respectively. We will also use E…,F… and P…,R… to denote general types and their terms, e.g. they could be either value or computation types/terms.
Following [16], their typing rules are given in Fig. 1. We distinguish two typing judgements, ⊢v and ⊢c, for value and computation terms respectively. We write Terms(E…) for the set of closed terms of type E…. Note the addition of the fixpoint operator fix(−) which has been added to allow for general recursion and hence divergence. We write n:N for the numeral representing the n-th natural number.
2.2 Semantics
We give the semantics of this language by specifying a reduction strategy for computation terms in the style of a CK-machine [5].
We distinguish a special class of computation terms, called terminal terms, which will not reduce further. They consist of: return(V):FA, λx:A.M:A→C, and ⟨Mi∣i∈I⟩:Πi∈IMi.
We first give the rules for terms we can directly reduce.
We denote these using relation symbol ⇝:
caseZin{M,S(x)⇒N}⇝M.
2. 2.
caseS(V)in{M,S(x)⇒N}⇝N[V/x].
3. 3.
letxbeV.M⇝M[V/x].
4. 4.
force(thunk(M))⇝M.
5. 5.
pm(j,V)as{…,(i.x).Mi,…}⇝Mj[V/x].
6. 6.
pm(V,V′)as(x,y).M⇝M[V/x,V′/y].
7. 7.
fix(M)⇝M⋅thunk(fix(M)).
The behaviour of the other non-terminal computation terms; Mtox.N, M⋅V and M⋅i, is implemented using a system of stacks defined recursively: S,Z::=ε∣S∘(−)tox.M∣S∘V∣S∘j.
We write S{M} for the computation resulting from applying S to M, which can be seen as evaluating the program M within the environment S.
ε{M}:=M(S∘(−)tox.N){M}:=S{Mtox.N}
(S∘V){M}:=S{M⋅V}(S∘i){M}:=S{M⋅i}
Whenever one encounters a computation of which one needs to first evaluate a subterm, one unfolds the continuation into the Stack and focusses on evaluating that subterm.
This method is given by the stack reduction relation ↣
in the following way:
If M⇝N, then (S,M)↣(S,N).
2. 2.
(S,Mtox.N)↣(S∘(−)tox.N,M).
3. 3.
(S∘(−)tox.N,return(V))↣(S,N[V/x]).
4. 4.
(S,M⋅V)↣(S∘V,M).
5. 5.
(S∘V,λx:A.M)↣(S,M[V/x]).
6. 6.
(S,M⋅j)↣(S∘j,M).
7. 7.
(S∘j,⟨Mi∣i∈I⟩)↣(S,Mj).
2.3 Adding algebraic effect operators
We add algebraic effects in the style of [13], given by specific effect operators.
We use a type variable α for computation types.
Effects are given by operators of the following arities (like in [13, 25]):
αn→α∣N×αn→α∣αN→α.
For each effect under consideration, we bundle together effect operators pertaining that effect in a set called an effect signatureΣ. Given such a signature, new computation terms can be constructed according to the typing rules in Fig. 2.
We look at the running examples of this paper.
Example 1** (Probabilistic choice).**
The effect of probability is implemented by the signature Σp:={por:α2→α}, where we have a single binary operator for fair probabilistic choice. The computation por(M,N) will have a 21 probability of evaluating M, and 21 probability of evaluating N.
Example 2** (Global store).**
In the case of global variables for natural numbers, we define a signature Σg:=⋃l∈L{lookupl:αN→α,updatel:N×α→α}, where we have a set of locations L for storing natural numbers. The computation lookupl(x.M) looks up the number at location l and substitutes it for x in M. The computation updatel(n,M) stores n at l and then continues with the computation M.
Example 3** (Probabilistic choice and global store).**
We will also consider the combination of the previous two examples, probabilistic choice with global store, given by effect signature Σpg:=Σp∪Σg.
Example 4** (Cost).**
If we want to keep track of costs of an evaluation, we take the signature Σc:={costc:α→α∣c∈C}, where we have a countable set of real-valued costs C. The computation costc(M) assigns a cost of c to the evaluation of M. This cost can represent a time delay or some other resource.
Example 5** (Combinations with nondeterminism).**
We consider a binary operator nor:α2→α for nondeterministic choice, which contrary to probabilistic choice is entirely unpredictable. One interpretation is to consider it under the control of some external agent or scheduler (e.g. a compiler), which one may wish to model as being cooperative (angelic), antagonistic (demonic), or neutral.
We will consider nondeterminism and it’s operator in combination with any one of the previous three examples. The resulting signatures are named Σpn, Σgn, Σgpn, and Σcn respectively.
Example 6** (Combinations with error).**
Lastly, given some set of error messages E, we consider adding error raising effect operations {raisee:α0→α∣e∈E} to the language, where raisee() stops the evaluation of a term, and displays message e. There is no continuation possible afterwards.
In the presence of such effects, the evaluation of a computation term might halt when encountering an algebraic effect operator. We broaden the semantics, where a computation term now evaluates to an effect tree, a coinductively generated term using operations from our effect signature Σ together with terminal terms and a symbol for divergence ⊥. This idea appears in [26], but here we adapt the formulation from [13] to call-by-push-value.
We define the notion of an effect tree over any set X, where X can be thought of as a set of terminal terms.
Definition 2.1**.**
An effect tree (henceforth tree) over a set X, determined by a signature Σ of effect operations, is a labelled and possibly infinite depth tree whose nodes have the possible forms given below.
A leaf node labelled ⊥ (the symbol for nontermination/divergence).
2. 2.
A leaf node labelled x where x∈X.
3. 3.
A node labelled ‘op’ with children t1,…,tn, when op∈Σ has arity αn→α.
4. 4.
A node labelled ‘op’ with children t0,t1,…, when op∈Σ has arity αN→α.
5. 5.
A node labelled ‘opm’ where m∈N with children t1,…,tn, when op∈Σ has arity N×αn→α.
The set of trees over set X and signature Σ is denoted TΣ(X). We can equip this set with a partial order ≤, where t≤r if r can be constructed from t by pruning (possibly infinitely many) subtrees and labelling the pruning points with ⊥.
Moreover, the preorder is ω-complete, so each ascending chain of trees t0≤t1≤… has a least upper bound ⊔ntn.
For any x∈X, we denote η(x)∈TΣ(X) for the tree which only consists of one leaf labelled x. We also have a map μ:TΣ(TΣ(X))→TΣ(X) which flattens a tree of trees into one tree, by transforming the leaves (which are trees) into subtrees.
For each computation type C we define the evaluation map ∣−∣:Terms(C)→TΣ(Terms(C)), which returns a tree, whose leaves are either labelled with ⊥ or labelled with a terminal term of type C. We define this inductively by constructing for each n∈N the n-th approximation of the tree.
∣S,M∣0:=⊥
2. 2.
∣ε,M∣n+1:=η(M) if M is a terminal computation term.
3. 3.
∣S,M∣n+1:=∣S′,M′∣n if (S,M)↣(S′,M′).
4. 4.
∣S,op(M1,…,Mm)∣n+1:=op{∣S,M1∣n,…,∣S,Mm∣n} if op:αm→α.
5. 5.
∣S,op(x.M)∣n+1:=op{m↦∣S,M[m/x]∣} if op:αN→α.
6. 6.
∣S,op(k,M1,…,Mm)∣n+1:=opk{∣S,M1∣n,…,∣S,Mm∣n} if op:N×αm→α.
Using this, we define ∣M∣:=⨆n∣ε,M∣n. We view ∣M∣ as an operational semantics of M in which M is reduced to its (possibly) observable computational behaviours, namely the tree of effect operations potentially performed in the evaluation of M. See Figure 3 for two examples of effect trees.
These trees are still quite syntactic, and may contain lots of unobservable information irrelevant to the real-world behaviour of programs.
In the next section, we will set up the quantitative logic which will extract from such trees only the relevant information, using quantitative modalities.
3 Quantitative Logic
We define a quantitative logic expressing behavioural properties of terms. Each type has a set of formulas, which can be satisfied by terms of that type to varying degrees of satisfaction. These degrees of satisfaction are given by truth values from a complete lattice.
A countably complete lattice is a set A with a partial order ⊴, where for each subset X⊆A there is a least upper bound sup(X) and a greatest lower bound inf(X). In particular, we define T:=sup(A)=inf(∅) as the completely true value, and F:=inf(A)=sup(∅) as the completely false value.
We also equip this space with a notion of negation or involution, which is a bijective map ¬:A→A such that ∀a∈A,¬(¬a)=a and ∀a,b∈A,(a⊴b)⇔(¬b⊴¬a).
We will use the words involution and negation interchangeably.
Given the conditions of an involution, it holds that ¬T=F and ¬F=T. 444Results about the positive behavioural equivalence, and the positive logic, do not need negation. So a subset of results in this paper are still valid without it.
Examples of complete lattices with involution/negation used in this paper are:
The BooleansB:={T,F}, where F⊴T. Negation swaps the elements.
2. 2.
The real number interval[0,1], with the usual order. Here T=1, F=0, and ¬x:=1−x.
3. 3.
The powerset P(X) over some set X, whose order is given by inclusion ⊆, so T=X and F=∅. Negation is given by the complement, where ¬A:=X−A={x∈X∣x∈/A}.
4. 4.
For A a complete lattice and X a set, the function space AX with point-wise order is a complete lattice.
5. 5.
The infinite interval[0,∞] with reversed order. Here, T=0, F=∞, and ¬x:=1/x.
We construct a logic for our language in order to define a behavioural preorder. For each type E…, value or computation, we have a set of formulas Form(E…). Greek letters ϕ,ψ,… are used for formulas over value types, underlined Greek letters ϕ,ψ,… for formulas over computation types, and underdotted Greek letters ϕ…,ψ…,… for formulas over any type. We are aiming to define a quantitative relation (P…⊨ϕ…) to denote the element of A which describes the degree to which the term P… satisfies the formula ϕ… (e.g. this may describe the probability of satisfaction or the amount of time needed for satisfaction).
We choose the formulas according to the following two design criteria, as in [28].
Firstly, we design our logic to only contain behaviourally meaningful formulas. This means we only want to test properties that are in some sense observable by users and/or other programs. For example, for the natural numbers type N we have a formula {n} which checks whether a term is equal to the numeral n.
For function types we have formulas of the form V→ϕ which tests a program on a specific input V, and checks how much the resulting term satisfies ϕ.
Secondly, we desire our logic to be as expressive as possible. To this end, we add countable disjunction (suprema) ⋁ and conjunction (infima) ⋀ over formulas, together with negation ¬. Moreover, we add two natural quantity-specific primitives: a threshold operation and constants. Both such operations are used frequently (albeit implicitly) in practical examples of quantitative verification, e.g. in [20].
3.1 Quantitative modalities
Fundamental to the design of the logic is how we interpret algebraic effects. In CBPV, effects are observed in producer types FA. In order to formulate observable properties of FA-terms in our logic, we include a set of quantitative modalities which lift formulas on A to formulas on FA.
We bundle our a selection of quantitative modalities together in a set Q.
Each modality q∈Q denotes a function [[q]]:TΣ(A)→A, which is used to translate a tree of truths into a singular truth value. Given a quantitative predicate Θ:X→A on a set X, we can use a modality q to lift it to a quantitative predicate q(Θ):TΣ(X)→A as follows. For t∈TΣ(X), we write t[Θ] for the tree in TΣ(A) where each non-⊥ leaf x∈X is replaced by the value Θ(x). Then q(Θ)(t)=[[q]](t[Θ]).
In the examples, we will define the denotation of a modality q by giving for each n∈N an approximation [[q]]n.
These will follow the rules: [[q]]0(t)=F, [[q]]n(⊥)=F, and [[q]]n+1(η(a))=a, and effect specific rules given in the examples below.
Given these approximations, the denotation [[q]](t) is given by sup{[[q]]n(t)∣n∈N}.
Example 1** (Probabilistic choice).**
We use as quantitative truth space the real number interval A:=[0,1] with ⊴:=≤, which denote probabilities555One could alternatively consider [0,∞] as the value set.. We take a single modality E for expectation, where (M⊨E(Θ)) gives the expected value of (V⊨Θ) given the probabilistic distribution M induces on its return values V.
This is achieved by giving E the denotation [[E]]:TreesΣp(A)→A which sends a tree of real numbers to the expected real number, where the approximation of the denotation is given by:
[[E]]n+1(p-or(t,r))=([[E]]n(t)+[[E]]n(r))/2.
Example 2** (Global store).**
Given a set of locations L, we have a set of statesS:=L→N. Our set of truth values is given by the powerset A:=P(S) with ⊴:=⊆.
We have a single modality G, where (M⊨G(Θ)) gives the set of starting states for which M terminates with a value V such that the end state is contained in (V⊨Θ).
We define this formally with the following rules:
[[G]]n+1(lookupl(t0,t1,…))={s∈S∣s∈[[G]]max(0,n−s(l))(ts(l))} and
[[G]]n+1(updatel,m(t))={s∣s[l:=m]∈[[G]]n(t)}.
Example 3** (Probabilistic choice and global store).**
For this combination of effects, we take as truth space the functions A:=[0,1]S with point-wise order, where S is the set of global states and [0,1] the lattice of probabilities with standard order. Intuitively, this space assigns to each starting state a probability that a property is satisfied. We define a single modality EG which, for each state s∈S, is given by the following rules: [[EG]]n+1(p−or(t,r))(s):=([[EG]]n(t)(s)+[[EG]]n(r)(s))/2, [[EG]]n+1(lookupl(t0,t1,…))(s)=[[EG]]max(0,n−s(l))(ts(l))(s), and
[[EG]]n+1(updatel,m(t))(s)=[[EG]]n(t)(s[l:=m]).
Example 4** (Cost).**
We use the infinite real number interval A:=[0,∞] with ⊴:=≥ denoting an abstract notion of cost (e.g. time).
Trees are just branches in this example.
We have a single modality C, where (M⊨C(Θ)) is the cost it takes for M to evaluate plus the cost given by (V⊨Θ), where V is the value M evaluates to.
The definition of [[C]]:TreesΣd(A)→A is such that [[C]]n+1(costc(t))=c+[[C]]n(t). Note that for any tree t either infinite or with leaf ⊥, we have [[C]](t)=∞.
This reflects the idea that a diverging computation will exceed any possible finite cost.
Example 5** (Combinations with nondeterminism).**
To add nondeterminism to any of the previous examples, we keep their truth space A∈{[0,1],P(S),[0,1]X,[0,∞]}, and extend the definition of their modality q∈{E,G,EG,C} in two ways, creating an optimistic modality q◊ and a pessimistic modality q□ such that:
For the combination with probability, we can see the nondeterministic choice as being controlled by some external agent, which chooses a strategy for resolving the nondeterministic choice nodes, like in a Markov decision processes.
E◊ finds the optimal strategy to get the best expectation, whereas E□ finds the worst strategy.
Similarly, C◊ will search for the minimum possible execution cost, while C□ will look for the maximum cost.
For instance, if the denotation ∣M∣ of a term M of type FN is given by the first tree in Fig. 3, then (M⊨E◊({1}))=1/2 and (M⊨E□({1}))=1/4.
If ∣N∣ is given by the second tree from Fig. 3, then (N⊨G◊({0}))={s∈S∣s(l)=0∨s(r)=0} and (N⊨G□({0}))={s∈S∣s(l)=0=s(r)}.
Example 6** (Combinations with error).**
There are two ways of defining combinations with error messages, akin to the sum and tensor approach of combining effects from e.g. [12].
Let Σ, A and Q be the signature, truth space, and quantitative modalities of the effects to which we want to add error messages from a set E.
Given a modality q∈Q and some function f:E→A, assigning to each message a value, we define a new modality qf which, besides inheriting the rules from q, follows the rule [[qf]]n+1(raisee)=f(e).
We define two new sets of modalities for this combination, Q+:={qf∣q∈Q,f:E→{F,T}} and Q×:={qf∣q∈Q,f:E→A}, each giving a different interpretation of error.
E.g. in the presence of global store (Example 2), the modalities from Q+ are not able to observe the final global state when an error message has been raised, whereas some modalities from Q× can. For instance, for e∈E and f:E→A such that f(e):={s[l:=1]∣s∈S}, it holds that Gf is in Q× but not in Q+). Moreover, (updatel(1,raisee())⊨(Gf(⊤)))=T whereas (updatel(0,raisee())⊨Gf(⊤))=F. Those two terms are however not distinguishable by any modality from Q+.
All the Boolean-valued examples of modalities for effects in [28], can also be accommodated in our quantitative setting by taking A:={T,F}. These include for instance Input/Output.
3.2 Formulation of the logic
We write Form(E…) for the set of formulas over type E…, which is defined by induction on the structure of E….
Fig. 4 gives the inductive rules for generating these formulas. We have modality formulas q(ϕ), constant formulas κa, and step formulas ϕ…⊵a. Note that conjunctions and disjunctions (i.e., meets and joins) are taken over countable sets of formulas only.
We define a quantitative satisfaction relation ⊨:Terms(E…)×Form(E…)→A, thus for P…∈Terms(E…) and ϕ∈Form(E…), the satisfaction statement (P…⊨ϕ) denotes an element of A.
Satisfaction of the formulas is defined inductively by the following rules:
[TABLE]
The modality formula q(ϕ) is particularly important, as it expresses how the quantitative modalities are used to observe effects.
The last couple of satisfaction rules are for formula constructors occurring at each type.
[TABLE]
All formulas together form the general logicV. We distinguish a specific fragment of V, the positive logicV+ excluding all formulas which use ¬(). The logic V+ can be interpreted without giving an involution on A.
We end this section by looking at some interesting properties we can construct using the logic, illustrating the expressibility of the logic.
In case of global store (Example 2), we can construct formulas in the style of Hoare logic.
For instance, taking two subsets P,Q∈A=P(S) of global states, the statement M⊨G(κQ)⊵P will give T, precisely if, when starting the execution of M with a state from P, the execution will terminate with a state from Q.
As another example, in case of global store with probability (Example 3), where A:=[0,1]S, we can construct, given a formula ϕ and a distribution of states μ∈[0,1]S, a formula Σμ(ϕ) such that (M⊨Σμ(ϕ))(s)=min(1,∑s∈Sμ(s)⋅(M⊨ϕ)(s)). Then (M⊨Σμ(EG(κT))) expresses the probability of termination of M, given that the starting state is sampled from μ.
In the same vein, we can look at the combination of probability and nondeterminism (Example 1 and 5), where (M⊨⋁a,b∈[0,1](E◊(κT)⊵a∧E□(κT)⊵b∧κ(a+b)/2)) expresses the probability that M terminates, given that the agent/scheduler in control of nondeterministic choice is sampled from a distribution of which 50% is helpful and 50% is antagonistic.
4 Behavioural equivalence
We can define a behavioural preorder for any sub-collection of formulas L.
Definition 4.1**.**
For any fragment of the logic L⊆V, the logical preorder⊑L is given by:
The general behavioural preorder⊑ is the logical preorder ⊑V, whereas the positive behavioural preorder⊑+ is the logical preorder ⊑V+. We denote ≡ and ≡+ for the logical equivalences ≡V and ≡V+ respectively (the behavioural equivalences). These closed relations can be extended to relations on open terms by using the open extension (where two open terms are related if they are related for any substitution of variables).
A basic formula is a non-constant formula (not necessarily atomic) which on the top level does not have conjunction ⋀, disjunction ⋁, negation ¬, constant formula κa or step-construction (−)⊵a.
It is not difficult to see that both ⊑ and ⊑+ are completely determined by basic formulas.
Note that since V+⊆V, it holds that (⊑)⊆(⊑+) and (≡)⊆(≡+).
Lemma 4.2**.**
The general behavioural preorder ⊑ is symmetric, so (⊑)=(≡).
Proof.
Assume P…⊑R…, then for any formula ϕ… we have ¬(P…⊨ϕ…)=(P…⊨¬(ϕ…))⊴(R…⊨¬(ϕ…))=¬(R…⊨ϕ…). Hence (R…⊨ϕ…)⊴(P…⊨ϕ…) for any ϕ…, so R…⊑P….
∎
Lemma 4.3**.**
For any fragment L of the logic V closed under countable conjunctions, it holds that for any term P…:E… there is a formulas χP… s.t.: If P…⊑LR… then (R…⊨χP…)=T, else (R…⊨χP…)=F.
Proof.
For any R…:E… such that P…⊑LR… we can find a formula ψR… such that (P…⊨ψR…)⊴(R…⊨ψR…). We choose such a formula for each R… as above, and define X:={ψ⊵(P…⊨ψR…)R…∣R…:E…,P…⊑LR…}, which is countable since there are countably many terms. Then χP…:=⋀X has the desired properties.
∎
Lemma 4.4**.**
For L∈{V,V+}, we have the following characterisations of the logical preorder R:=⊑L:
VRNW⟺V=W.
2. 2.
MRUCN⟺force(M)RCforce(N).
3. 3.
(j,V)RΣi∈IAi(k,W)⟺(j=k)∧VRAjW.
4. 4.
(V,V′)RA×B(W,W′)⇔VRAW∧V′RBW′.
5. 5.
MRA→CN⟺∀V:A,M⋅VRCN⋅V.
6. 6.
MRΠi∈ICiN⟺∀j∈I,M⋅jRMjN⋅j.
Proof.
Note that at each type level, the preorder is completely determined by basic formulas. All other formulas depend solely on the satisfaction of basic formulas, by a simple induction.
As such, the above characterisations are a simple consequence of unfolding the satisfaction relation of basic formulas.
∎
4.1 Congruence properties
A relation on terms is compatible, if it is preserved over the typing rules from Fig. 1.
We introduce the three properties that we will require in order to establish that (the open extensions of) the behavioural preorders are compatible, hence precongruences.
The space TΣ(A), which forms the basis of the technical definition of the modalities, plays a fundamental role in this.
The first property considers the leaf order TΣ(⊴) on TΣ(A), where tTΣ(⊴)r if r can be created by replacing leaves a∈A of t by leaves b∈A of higher value a⊴b.
The ⊥ leaves can however not be replaced.
Definition 4.5**.**
A modality q∈Q is leaf-monotone if ∀t,r∈TΣ(A), tTΣ(⊴)r⟹[[q]](t)⊴[[q]](r).
This property is useful for establishing a variety of different results, but mainly just shows that modalities preserve the implicit (point-wise) order ϕ…⇒ψ… on formulas (ϕ…⇒ψ… iff ∀P…,(P…⊨ϕ…)⊴(R…⊨ψ…)).
The second property considers the ω-complete tree order ≤ on TΣ(A), defined just after Definition 2.1.
Definition 4.6**.**
A modality q∈Q is tree Scott continuous if for any ascending chain t0≤t1≤t2≤… it holds that [[q]](⨆n∈Ntn)=sup{[[q]](tn)∣n∈N}.
This is property is necessary in the congruence proof for inductively approximating the satisfaction value of infinite trees generated by the fixpoint operator and infinite arity effect operators.
The third and final property is the most technical one, and considers the preservation of the behavioural preorder over sequence operations such as (−)tox.(−).
It considers the monad multiplication map μ:TΣ(TΣ(A))→TΣ(A), and requires that the abstract generalisation of the behavioural preorder on TΣ(TΣ(A)) and TΣ(A) is preserved by the μ-map.
To formulate this, we need first define these abstract relations.
We write h:A→⊴A to say that h is a monotone function from A to A, so a⊴b⇒h(a)⊴h(b).
For a function h:X→Y we write h∗:TΣ(X)→TΣ(Y) for its (functorial) lifting defined by h∗(t):=t[x→h(x)].
For a function h:X→A (a valuation on X) and a modality q∈Q, we write t∈q(h) for [[q]](h∗(t)).
Definition 4.7**.**
For any two trees t,t′∈TA,
t⪯t′⟺∀q∈Q,∀h:A→⊴A,(t∈q(h))⊴(t′∈q(h)).
For any relation R⊆X×Y, and valuation h:X→A, we define (R↑(h)):Y→A to be the function such that R↑(h)(b):=supa∈X,aRb(h(a)).
We classify abstract quantitative behavioural properties on TA.
A function H:TΣ(A)→A is called quantitative behaviourally saturated if for any two trees t,t′∈TA such that t⪯t′, it holds that H(t)⊴H(t′).
We write QBS for the set of quantitative behaviourally saturated functions.
Note that H∈QBS if and only if there is a function F:TA→A such that H=⪯↑(F).
Moreover, for any q∈Q, it is easy to see that [[q]]∈QBS.
We define a relation on quantitative double treesTTA.
Definition 4.8**.**
We define the preorder ⋞ on TTA by: for any two quantitative double trees r,r′∈TTA,
r⋞r′⟺∀q∈Q,∀H∈QBS,r∈q(H)⊴r′∈q(H).
Lemma 4.9**.**
*If all modalities q∈Q are leaf-monotone, then for any two r,r′∈TTA,
r⋞r′⟺∀F:TΣ(A)→A,∀q∈Q,r∈q(F)⊴r′∈q(⪯↑(F)).*
Proof.
For ‘⇒’, note that for any t∈TA, F(t)⊴⪯↑(F)(t) so the result follows from leaf-monotonicity and the fact that ⪯↑(F)∈QBS.
For ‘⇐’, use that for H∈QBS, ⪯↑(H)=H.
∎
We can define the third property, decomposability, together with its stronger counterpart, sequentiality666Sequentiality is one of two properties for [[q]] to be an Eilenberg-Moore algebra for the monad TΣ(−).
Definition 4.10**.**
Q* is decomposable if for all t,r∈TΣ(TΣ(A)), if t⋞r then μt⪯μr. A modality q∈Q is sequential if for all t∈TΣ(TΣ(A)),[[q]](μt)=[[q]]([[q]]∗(t)).*
Lemma 4.11**.**
If all modalities q∈Q are leaf-monotone and sequential, then Q is decomposable.
Proof.
Assume r⋞r′, and let q∈Q and h:A→⊴A.
It is easy to see that [[q]]∈QBS, so ([[q]]∘h∗)∈QBS too.
Since q is sequential, [[q]](h∗(μr))=[[q]](μ(h∗∗(r)))=[[q]]([[q]]∗∘h∗∗(r))=(r∈q([[q]]∘h∗))⊴(r′∈q([[q]]∘h∗)) which is by the same steps equal to [[q]](h∗(μr′)).
Hence μr⪯μr′, and as such, Q is decomposable.
∎
The three properties defined above allow us to establish compatibility:
Theorem 4.12**.**
If Q is a decomposable set of leaf-monotone and Scott tree continuous modalities, then ⊑ and ⊑+ are compatible, hence precongruences.
All our examples satisfy these three properties. Both leaf-monotonicity and Scott tree continuity are consequences of the inductive and hence continuous definitions of the modalities, while decomposability holds by observing that any modality from the examples is sequential.
We illustrate this in the following lemma.
Lemma 4.13**.**
In Example 5 of combined probability and nondeterminism, E□ is sequential.
Proof.
Take r,r′∈TΣ(TΣ(A)) as above and assume [[E□]](μr)>a∈[0,1], then since [[E□]](μr)=supn([[E]]n(μr)) there must be an n∈N such that [[E]]n(μr)>a. By the recursive definition of [[E□]](−) we can see that [[E]]n(r[t↦Fn′(t)])≥[[E]]n(μr), and hence [[E□]]([[E□]]∗(r))>a.
Now assume [[E□]]([[E□]]∗(r))>a, then there must be an m such that [[E]]m([[E□]]∗(r))>a. Now, [[E]]m only looks at a finite amount of leaves, and hence there must be a k such that [[E]]m([[E]]k∗(r))>a. Again, studying the recursive definition of [[E□]](−) we observe that [[E□]]m+k(μr)≥[[E]]m([[E]]k∗(r′)), so we conclude that [[E□]](μr)>a.
This is for all such a∈A, so [[E□]](μr)=[[E□]]([[E□]]∗(r)).
∎
We end this section with an example of an equivalence and an in-equivalence. It has to be said that the purpose of this paper is to give a widely applicable approach to defining equivalence, not to prove equivalence of terms. Moreover, for practical purposes, establishing an in-equivalence is easier than establishing an equivalence, since you only have to find one formula which distinguishes the two.
As an example, we look at the combination of cost and nondeterminism, given by signature Σcn, truth space [0,∞] with reverse order, and modalities {C◊,C□}.
Consider the two terms M:=cost1(return(7)) and N:=nor(return(7),cost3(return(7))), both of which always return 7, though N may return it at a lower or higher cost.
Then M⊑+N, since (M⊨C◊({7}))=1≤0=(N⊨C◊({7})), and N⊑+M, since (N⊨C□({7}))=3≤1=(M⊨C□({7})).
However, taking K:=nor(M,N), it can be shown that K≡N, since for any formula ϕ∈Form(N), (N⊨C◊(ϕ))=(7⊨ϕ)=(K⊨C◊(ϕ)) and (N⊨C□(ϕ))=(7⊨ϕ)+3=(K⊨C□(ϕ)).
5 Applicative Bisimilarity
We investigate how our quantitative modalities can be used to define a notion of Abramsky’s applicative bisimilarity [1], related to the behavioural equivalence (Theorem 5.7), starting off by defining a relator [18, 29].
Definition 5.1**.**
Given Q, we have a relatorQ(−):P(X×Y)→P(TX×TY) given by:
[TABLE]
We write xRy for (x,y)∈R. Remember from the previous section that (t∈q(h))=[[q]](t[x↦h(x)]) and (R↑(h))(b):=sup{h(a)∣a∈X,aRb}.
Note that Q(⊴)=⪯ and Q(⪯)=⋞ (see Lemma 4.9). The following characterisation of the relator is immediate:
Lemma 5.2**.**
For any t∈TX, r∈TY, and R⊆X×Y, tQ(R)r⟺∀h:X→A,h∗(t)⪯(R↑(h))∗(r).
The following lemma shows that this satisfies the usual properties of monotone relators from [18, 29]. The proof is technical yet straightforward, and is left out to preserve space.
Lemma 5.3**.**
If all quantitative modalities from Q are leaf-monotone, then Q(−) has the following properties:
If R is reflexive, then so is Q(R).
2. 2.
If R⊆S, then Q(R)⊆Q(S).
3. 3.
For R⊆X×Y and S⊆Y×Z, Q(R)Q(S)⊆Q(RS). Here RS is relational concatenation.
4. 4.
∀f:X→Z,g:Y→W,R⊆Z×W* it holds that Q((f×g)−1R)=(f∗×g∗)−1Q(R)*
where (f×g)−1(R)={(x,y)∈X×Y∣f(x)Rg(y)}.
Fundamental to the definition of the relator is the notion of the right-predicateR↑(h). When the relation in question is our behavioural preorder, these right-predicates can be expressed in the logic.
Lemma 5.4**.**
Take L∈{V,V+}. For any predicate D:Terms(A)→A, there is a formula ϕD∈L such that (V⊨ϕD)=(⊑L↑(D))(V) for any term V∈Terms(A).
Proof.
We use Lemma 4.3 to define ϕD:=⋁{⋀{κD(V),χV}∣V∈TΣ(A)}.
∎
In the case that R is a relation on terms of some value type A, we write Q(R) for the relation on terms of type FA given by Q({(return(V),return(W))∣VRAW}).
A relation R on terms is well-typed, if it only relates terms of the same type and context, and R is closed if it only relates closed terms.
Definition 5.5**.**
A well-typed closed relation R is an applicative Q-simulation if:
VRNW⟹V=W.
2. 2.
MRUCN⟹force(M)RCforce(N).
3. 3.
(j,V)RΣi∈IAi(k,W)⟹(j=k)∧VRAjW.
4. 4.
(V,V′)RA×B(W,W′)⟹VRAW∧V′RBW′.
5. 5.
MRA→CN⟹∀V:A,M⋅VRCN⋅V.
6. 6.
MRΠi∈ICiN⟹∀j∈I,M⋅jRMjN⋅j.
7. 7.
MRFAN⟹∣M∣Q(RA)∣N∣* .*
The applicative Q-similarity is the largest applicative Q-simulation, whereas the applicative Q-bisimilarity is the largest symmetric applicative Q-simulation.
Theorem 5.6**.**
If all quantitative modalities from Q are leaf-monotone, then the positive behavioural preorder ⊑+ is the applicative Q-similarity.
Proof.
Note that ⊑+ satisfies the first 6 properties for being a Q-simulation as a consequence of Lemma 4.4.
We prove the seventh property:
Assume M⊑+N, q∈Q and D:Terms(A)→A.
We use Lemma 5.4 to find a formula ϕD such that ϕD(V)=(⊑+↑(D))(V).
By reflexivity of ⊑+, we have D(V)⊴(⊑+↑(D))(V), so by leaf-monotonicity and M⊑+N it holds that: [[q]](D∗(∣M∣))⊴(M⊨q(ϕD))⊴(N⊨q(ϕD))=[[q]]((⊑+↑(D))∗∣N∣).
We can conclude that ∣M∣Q(⊑A+)∣N∣.
So we proved that ⊑+ is a Q-simulation.
We now need to prove that ⊑+ contains any other Q-simulation R.
To do that, we show that R preserves any formula ϕ… in the following sense: If P…RR…, then (P…⊨ϕ…)⊴(R…⊨ϕ…).
We do this by induction on formulas, using the fact that any formula is well-founded.
Assume P…RR….
Suppose R preserves any formula from X⊆Form(P…). Then (P…⊨⋁X)=sup{(P…⊨ϕ…)∣ϕ…∈X}⊴sup{(R…⊨ϕ…)∣ϕ…∈X}=(R…⊨⋁Y) and (P…⊨⋀X)=inf{(P…⊨ϕ…)∣ϕ…∈X}⊴inf{(R…⊨ϕ…)∣ϕ…∈X}=(R…⊨⋀Y).
Assume R preserves formula ϕ…, and (P…⊨ϕ…⊵a)=F, then (P…⊨ϕ…)⊵a, so (R…⊨ϕ…)⊵a, hence (R…⊨ϕ…⊵a)=T.
R obviously preserves constant formulas, since (P…⊨κa)=a⊴a=(R…⊨κa).
It is not difficult to prove that R preserves most basic formulas. The only difficult formula to consider is q(ϕ)∈Form(FA). Assume MRN, so by simulation property ∣M∣Q(R)∣N∣. By induction hypothesis and relator property 2 in Lemma 5.3, it holds that ∣M∣Q(⊑A+)∣N∣.
Hence (M⊨q(ϕ))⊴[[q]]((⊑+↑(V↦(V⊨ϕ)))∗(∣N∣)),
which since (⊑+↑(V↦(V⊨ϕ)))(W)⊴(W⊨ϕ) means with leaf-monotonicity of q that (M⊨q(ϕ))=[[q]](∣M∣[ϕ])⊴[[q]](∣N∣[ϕ])=(N⊨q(ϕ)). We conclude that M⊑+N.
We can conclude that ⊑+ is the largest Q-simulation, hence it is equal to Q-similarity.
∎
Note the crucial use of Lemma 5.4 in the proof, which explains the need of the step-formulas in the logic.
Theorem 5.7**.**
If all quantitative modalities from Q are leaf-monotone, then the general behavioural preorder ⊑ is the largest symmetric applicative Q-simulation, and hence equal to applicative Q-bisimilarity.
Proof.
Firstly, it holds by Lemma 4.2 that ⊑ is symmetric.
Secondly, ⊑ is a Q-simulation by the same proof as above. Lastly, any symmetric Q-simulation R is included in ⊑, using a similar proof as above, proving with induction on formulas ϕ… that P…RR… implies (R…⊨ϕ…)=(P…⊨ϕ…).
∎
5.1 Howe’s method
In this subsection, we briefly outline how the Howe’s method [10, 11] can be used to establish compatibility for the open extension of applicative Q-similarity and Q-bisimilarity as in [3, 28].
Firstly, we need some properties of the relators in addition to Lemma 5.3. The proofs are technical and are left out to preserve space.
Lemma 5.8**.**
If all q∈Q are leaf-monotone and Scott tree continuous, then the following four properties hold:
tQ(R)r∧t′≤t∧r≤r′⟹t′Q(R)r′.
2. 2.
for any chain of trees t0≤t1≤t2≤…,
∀n(tnQ(R)rn)⇒(⊔ntn)Q(R)(⊔nrn).
3. 3.
R⊆X×Y, S⊆A×B and (f,g):X×Y→A×B, (xRy⇒f(x)Sg(y))⟹(tQ(R)r⇒f∗(t)Q(S)g∗(r)).
4. 4.
xRy⟹η(x)Q(R)η(y)**
The following lemma necessarily uses the property of decomposability.
Lemma 5.9**.**
Given a decomposable set Q of leaf-monotone modalities, then: aQ(Q(R))b⇒μaQ(R)μb.
Proof.
Assume aQ(Q(R))b and take some h:X→A.
Let t:=h∗∗(a) and r:=(R↑(h))∗∗(b), then μt=h∗(μa) and μr=R↑(h)∗(μb).
We prove that t⋞r using Lemma 4.9, so we can use decomposability to derive μt⪯μr, from which we can conclude that h∗(μa)⪯(R↑(h))∗(μb), which by Lemma 5.2 implies μtQ(R)μr.
Let q∈Q and H∈QBS, then (t∈q(H))=[[q]](H∗(t))=[[q]]((H∘h∗)∗(a))=(a∈q(H∘h∗))⊴(b∈q(Q(R)↑(H∘h∗))).
Now (Q(R)↑(H∘h∗))(k)=sup{H(h∗(l))∣lQ(R)k}⊴sup{H(h∗(l))∣h∗(l)⪯(R↑(h))∗(k)} by Lemma 5.2.
Since H∈QBS, the statement is smaller than H((R↑(h))∗(k)).
Hence using leaf-monotonicity, (b∈q(Q(R)↑((H∘h∗))))⊴(b∈q(H∘(R↑(h))∗)=(r∈q(H)).
So we can conclude that (t∈q(H))⊴(r∈q(H)), and we are finished.
∎
As a consequence of the above lemmas, the following holds.
Corollary 5.10**.**
Given that Q is a decomposable set of leaf-monotone and Scott tree continuous modalities:
One of the contributions of this paper is identifying the properties on quantitative modalities for which the above relator properties are satisfied, such that we can apply Howe’s method.
The application of Howe’s method itself is however not novel, and is simply an alteration of the proof used for the call by value case in [3, 28] (untyped and simply-typed respectively), using results from [15].
As such, details of the proof have been omitted.
In short, Howe’s method allows us to establish the following theorem.
Theorem 5.11**.**
If Q is a decomposable set of leaf-monotone and Scott tree continuous quantitative modalities, then Q-similarity and Q-bisimilarity are compatible.
Combining theorems 5.6, 5.7, and 5.11 we can derive Theorem 4.12, that the general and positive behavioural equivalence/preorder are compatible.
6 Discussions
We have generalised the logic from [28] to a quantitative logic for terms of a call-by-push-value language with general recursion and several (combinations of) algebraic effects.
The quantitative logic is expressive, contains only meaningful behavioural properties, and induces a compatible program equivalence on terms.
In this paper, we consider program properties (or observations) as the primary way of describing program behaviour.
According to this philosophy, the generalisation to quantitative properties is natural.
Alternatively, one could consider relations (or comparisons) as primary, and instead generalise to quantitative relations. The resulting theory is that of metrics, along the lines of [2, 4, 19].
Relating the logic from this paper, or a variation thereof, to metrics (e.g. like the ones in [7]) is a topic for future research.
The quantitative logic does not however naturally induce a metric on the terms. This is mainly because of the inclusion of step-formulas ϕ⊵a, which take the quantitative information from ϕ and collapses it to a binary value.
These step-formulas are necessary for relating the behavioural equivalence with the applicative bisimilarity.
Their necessity can be seen as a natural consequence of the non-linearity of the language.
E.g., in the case of probability with A:=[0,∞], the step-formula can be constructed using products of formulas.
The quantitative logic is very expressive,
allowing one to deal with some awkward combinations of effects that are not amenable to a boolean treatment.
Despite the many examples of combination of effects, there is no general theory for quantitative modalities of combined effects.
Such a theory is a potential subject for further research.
It would also be interesting to look at other examples of effects which the quantitative logic could describe,
like a the algebraic jump effect described in [6],
or some form of concurrency.
The logic and examples from [28] can be considered as further examples for this paper, where one considers A:={T,F}.
The property of Scott openness is the Boolean version of a combination of Scott tree continuity and leaf-monotonicity, and the notion of decomposability is a quantitative generalisation of the notion from [28] with the same name.
It should be noted, however, that most modalities from [28] are not sequential.
Along the lines of [28], it is possible to define a pure variation of the logic. This is a logic independent of the term syntax, using function formulas of the form (ψ↦ϕ) instead of (V↦ϕ), where (M⊨(ψ→ϕ)):=⋀{(M⋅V⊨ϕ)∣(V⊨ψ)=T}.
The logical equivalence of this pure logic will be equal to the behavioural equivalence, if the behavioural equivalence is compatible.
The denotation [[q]]:TA→A of quantitative modalities are, in the case of the running examples, Eilenberg-Moore algebras. These are algebras a:TX→X such that a∘ηX=idX and a∘Ta=a∘μX, the second statement coincides with the property of sequentiality in this paper.
As such, our example modalities potentially fit into the framework of Hasuo [8].
Connections between the two approaches may be explored in the future.
Since the theory has been formulated for call-by-push-value, it is not difficult to extract logics for specific reduction strategies including; call-by-name, call-by-value and lazy PCF [16, 17].
The language can also be extended with universal polymorphic and recursive types.
These extensions of the language are worked out in the author’s forthcoming thesis. Further extensions could also be considered in the future.
Acknowledgements:
I would like to thank Alex Simpson, Francesco Gavazzo and Aliaume Lopez for all the helpful discussions and comments.
Appendix A Howe’s method proof
In this appendix we give the proofs for Howe’s method outlined in Subsection 5.1, to establish the compatibility of
applicative Q-(bi)similarity, and hence of the behavioural preorders. We start with the proofs of the relator properties.
If R is reflexive, then ∀x,R↑(h)(x)=sup{h(a)∣aRx}⊵h(x) since xRx, hence (h∗(t))TΣ(⊴)R↑(h)∗(t). So by leaf-monotonicity, for any q∈Q,
[[q]](h∗(t))⊴[[q]](R↑(h)∗(t)).
If R⊆S, then for any x it holds that R↑(h)(x)⊴S↑(h)(x). So by leaf-monotonicity, [[q]](R↑(h)∗(t))⊴[[q]](S↑(h)∗(t)).
If tQ((f×g)−1R)r then for all h:Z→A, h∗(f∗(t))=(h∘f)∗(t)≼(((f×g)−1R)↑(h∘f))∗(r)≼((R↑(h))∘g)∗(r)=(R↑(h))(g∗(r)), so t(f∗×g∗)−1(Q(R))r.
If t(f∗×g∗)−1(Q(R))r then ∀h:X→A, h∗(t)≼(z↦sup{h(x)∣f(x)=z})∗(f∗(t))≼(R↑(z↦sup{h(x)∣f(x)=z}))∗(g∗(r))=(y↦sup{h(x)∣x∈X,zRg(y),f(x)=z})∗(r)≼(((f×g)−1R)↑(h))∗(r), hence we conclude that tQ((f×g)−1R)r.
∎
Assume t′≤tQ(R)r≤r′ and take q∈Q and h:X→A.
Since t′≤t and r≤r′, h∗(t′)≤h∗(t′) and R↑(h)∗(r)≤R↑(h)∗(r′).
So by Scott tree continuity of q and tQ(R)r, it holds that (t′∈q(h))⊴(t∈q(h))⊴(r∈q(R↑(h)))⊴(r′∈q(R↑(h))).
Take some chain of trees t0≤t1≤t2≤… and assume ∀n,(tnQ(R)rn).
Let q∈Q and h:X→A, then by Scott tree continuity, (⊔ntn∈q(h))=[[q]](h∗(⊔ntn))=[[q]](⊔nh∗(tn))=sup([[q]](h∗(tn))∣n∈N)=sup(tn∈q(h)∣n∈N)⊴sup(rn∈q(R↑(h))∣n∈N).
By the same reasoning in reverse, the last statement is equal to (⊔ntn∈q(R↑(h))), so we are finished.
Assume R,S,f and g as above, and let t,r be such that tQ(R)r.
Take h:A→A and q∈Q, then h∘f:X→A, so (f∗(t)∈q(h))=(t∈q(h∘f))⊴(r∈q(R↑(h∘f))∗(r)).
Now we have that:
(R↑(h∘f))(y)=sup{h(f(x))∣x∈X,xRy}⊴sup{h(f(x))∣x∈X,f(x)Sg(y)}⊴sup{h(a)∣a∈A,aSg(y)}=S↑(h)(g(y)).
So (R↑(h∘f))∗(r)TΣ(⊴)(S↑(h))∗(g∗(r)) and we use leaf-monotonicity to conclude that (f∗(t)∈q(h))⊴(r∈q(R↑(h∘f)))⊴(g∗(r)∈q(S↑(h))).
This follows from the fact that if xRy then R↑(h)(y)⊵h(x), so we can use leaf-monotonicity. Now for the second property.
∎
Using point (iii) of Lemma 5.8 on the assumptions we get f∗(t)Q(Q(S))g∗(r). We can then apply Lemma 5.9 to get the correct result.
2. 2.
We apply the previous property to the following data; t=r=σ(0,1,2,…)∈TN, f(n)=un, g(n)=vn and R=idN. The conclusion follows directly.
∎
A.1 The Howe closure
For any closed relation R we can define the open extension (R)∘ as Γ⊢P…(R)∘R…:E…⇔∀V:Γ,P…[V]RR…[V]. We define two more closure operations.
Definition A.1**.**
Taking an open relation R, we define the compatible refinementR using the derivation rules in Figure 5. For a closed relation R we define the Howe closure(R)∙ as the smallest open relation S closed under the rules:
[TABLE]
Given this definition, a well-typed relation R is compatible if and only if R⊆R. The Howe closure is also the least solution to the equation S=S(R)∘ and the least solution to the inclusion S(R)∘⊆S. We look at some preliminary results, mostly from Lassen [15]:
Lemma A.2**.**
If R is reflexive, then:
(R)∙* is compatible, hence reflexive.*
2. 2.
(R)∘⊆(R)∙.
3. 3.
If Γ,x:B⊢P…(R)∙R… and Γ⊢vV,W:B such that Γ⊢V(R)∙W, then Γ⊢P…[V/x](R)∙R…[W/x]
Proof.
We prove the properties separately.
Since R is reflexive, so is (R)∘. Hence (R)∙=(R)∙id⊆(R)∙(R)∘=(R)∙.
2. 2.
Note that the compatible refinement of a reflexive relation is reflexive. Hence (R)∙ is reflexive, since (R)∙ is. So (R)∘=id(R)∘⊆(R)∙(R)∘=(R)∙.
3. 3.
This requires an induction on the shape of P… (which may be a value or a computation). We leave out Γ in the proof for ease of notation. If {x}⊢P…(R)∙R… then by HC or HV we have {x}⊢P…(R)∙Q… and {x}⊢Q…(R)∘R…. So we know Q…[W/x](R)∘R…[W/x]. We need to prove, P…[V/x](R)∙Q…[W/x]. In each of the cases of P…, {x}⊢P…(R)∙Q… is derived from rule Cn for some number n. This rule has as its premise some sequence of relations P…i(R)∙Q…i. By induction hypothesis we have P…i[V/x](R)∙Q…i[W/x], this is also trivially true in the base cases n∈{1,2,5} since then the sequence is empty. Using Cn we can then derive that P…[V/x](R)∙Q…[W/x]. Hence by HV or HC we get P…[V/x](R)∙R…[W/x]. One can verify that this argument works for each of the cases of Cn.
∎
We can also say something about composing the Howe closure with the original relation, which by Lemma 5.3 works well with our relator.
Lemma A.3**.**
If R is a preorder relation on closed terms, then we have:
If P…(R)∙R… and R…(R)∘Q…, then P…(R)∙C.
2. 2.
For closed terms M,N,K of type FA such that ∣M∣Q((R)∙)∣N∣ and ∣N∣Q((R)∘)∣K∣ we have ∣M∣Q((R)∙)∣K∣.
Proof.
We proof the properties individually.
We use that R is transitive, hence (R)∘ is transitive meaning (R)∘(R)∘⊆(R)∘. Hence with (R)∙=(R)∙(R)∘ we have (R)∙(R)∘=((R)∙(R)∘)(R)∘⊆(R)∙(R)∘=(R)∙.
2. 2.
This follows from applying property 2 of Lemma 5.3 to the previous statement.
∎
A.2 The Howe closure of an applicative Q-simulation
We look at the Howe closure of a Q-simulation preorder R. We assume that Q is a decomposable set of leaf-monotone and Scott tree continuous modalities. The lemmas proven in the previous two subsections are satisfied, hence we know that (R)⊆(R)∙ by Lemma A.2. We prove that (R)∙ is a Q-simulation by explicitly checking the seven conditions from Definition 5.5.
Lemma A.4**.**
If for V,W:N we have V(R)∙W, then V=W.
Proof.
Using the inductive definition of (R)∙ there must be an L:N such that V(R)∙^L and LRW, the latter meaning L=W because of the simulation property. The fact that V(R)∙^L must have come as a conclusion from either C3 or C4. In the first case, V=Z=L and hence V=L=W. In the second case, V=S(V′) and L=S(L′) with V′(R)∙L′, and the proof has been reduced to showing V′=L′, since then V=S(V′)=S(L′)=L=W. We do induction on the structure of V, which cannot go on forever since V is a syntactically finite term. So eventually we get to Z and we can make a conclusion of the form V=nS(V′′)=nS(Z)=nS(L′′)=L=W for some n∈N. That concludes the proof.
∎
The following lemma is evident from the compatibility properties.
Lemma A.5**.**
By compatibility of (R)∙ it holds that:
For V(R)UC∙W we have force(V)(R)C∙force(W).
2. 2.
For M(R)A→C∙N we have ∀V∈Terms(A),M⋅V(R)C∙N⋅V.
3. 3.
For M(R)Πi∈ICi∙N we have ∀j∈I,M⋅j(R)Cj∙N⋅j.
We can easily prove two more simulation properties.
Lemma A.6**.**
If (j,V)(R)Σi∈IAi∙(k,W) then j=k and V(R)Aj∙W.
Proof.
There is a pair (l,L) such that (j,V)(R)Σi∈IAi∙(l,L)(R)∘(k,W). The latter implies l=k and LRW by simulation property. The former statement can only have come from compatible extension rule C13, so j=l and V(R)∙L. We can now use Lemma A.3 to conclude that V(R)∙W.
∎
Lemma A.7**.**
If (V,V′)(R)A×B∙(W,W′) then V(R)A∙W and V′(R)B∙W′.
Proof.
There is a pair (L,L′) such that (V,V′)(R)A×B∙(L,L′)(R)∘(W,W′). The latter implies LRW and L′RW′ by simulation property. The former statement can only have come from compatible extension rule C15, so V(R)∙L and V′(R)∙L′. We can now use Lemma A.3 to conclude that V(R)∙W and V′(R)∙W′.
∎
So all conditions except 6 of being a Q-simulation are satisfied. Condition 6. is the most difficult to prove and requires an induction on the reduction relation of terms.
It requires us to look at terms P…, R… of type FA such that P…(R)∙R…, and prove that ∣P…∣Q((R)∙)∣R…∣. Using Lemma 5.8, this can be reduced to asking ∣P…∣nQ((R)∙)∣R…∣ for all n. This allows us to do an induction on the denotation map ∣P…∣. In general, one would look at the shape of P… and see what it reduces to after one step, so one can use the induction hypothesis. This is a relatively straightforward investigation in the fine-grained call by value case.
For call-by-push-value, we have the problem that effects may occur in any computation type, which is particularly problematic when considering non-producer type. Concretely, it may be that our P…:FA is of the form P…=P…′⋅V where P…′:B→FA and V:B. Now, because P…′ is of a computation type, it may not be of the form λx.M. This is problematic, as we still do not have any clue to what P… might reduce to. To investigate that, we would require another case analysis on P…′, which results in a bureaucratic nightmare. We can say that the application case is uninformative, and we need to continue doing case analysis until we find a term that is not of the form of an application, which we call informative.
Definition A.8**.**
A stack S is called a frame if it does not contain any (−)tox.M parts.
A computation term is uninformative if it is of the form S{M} where S is a non-empty frame. Else it is called informative.
Lemma A.9**.**
For any frame S, if MRN then S{M}RS{N}.
Doing structural induction on P…, we observe the following result.
Lemma A.10**.**
Any computation term P… is of the form S{P…′} where S is a frame and P…′ is an informative term.
Definition A.11**.**
Two frames S and Zmatch when the following statements hold.
If S=ε then Z=ε.
2. 2.
If S=S′∘V then Z=Z′∘V′ where V(R)∙V′ and S′ matches with Z′.
3. 3.
If S=S′∘i then Z=Z′∘i where S′ matches with Z′.
We have the following property.
Lemma A.12**.**
If S{P…′}(R)∙R… then there is a frame Z and a term R…′ such that; S matches Z, P…′(R)∙R…′ and Z{R…′}RR….
Proof.
We do this by induction on the frame. If S=ε, then the statements hold by taking Z=ε and R…′ such that P…′(R)∙R…′RR…, which is possible since ((R)∙)=((R)∙)∘(R). Now for the induction step, assume the statement holds for any smaller frames S′.
S=V∘S′, then S{P…′}=(S′{P…′}⋅V). Now, there is a term Q… such that S{P…′}(R)∙Q…RR…. The statement (S′{P…′}⋅V)(R)∙Q… could only have been derived from rule C12, so we know there are Q…′ and W such that Q…=(Q…′⋅W), S′{P…′}(R)∙Q…′, and V(R)∙W.
We use induction hypothesis on S′{P…′}(R)∙Q…′ to find a term R…′ and frame Z′ such that S′ matches Z′, P…′(R)∙R…′ and Z′{R…′}RQ…′.
Let Z:=W∘Z′, then S and Z match. From Z′{R…′}RQ…′ and simulation rule we have Z{R…′}=(Z′{R…′}⋅W)R(Q…′⋅W)=Q…. With Q…RR… we can conclude that Z{R…′}RR… and from earlier P…′(R)∙R…′. So Z and R…′ have the desired properties.
2. 2.
S=i∘S′, then S{P…′}=(S′{P…′}⋅i). Now, there is a term Q… such that S{P…′}(R)∙Q…RR…. The statement (S′{P…′}⋅i)(R)∙Q… could only have been derived from rule C18, so we know there is a Q…′ such that Q…=(Q…′⋅i) and S′{P…′}(R)∙Q…′.
We use induction hypothesis on S′{P…′}(R)∙Q…′ to find a term R…′ and frame Z′ such that S′ matches Z′, P…′(R)∙R…′ and Z′{R…′}RQ…′.
Let Z:=i∘Z′, then S and Z match. From Z′{R…′}RQ…′ and simulation rule we have Z{R…′}=(Z′{R…′}⋅i)R(Q…′⋅i)=Q…. With Q…RR… we can conclude that Z{R…′}RR… and from earlier P…′(R)∙R…′. So Z and R…′ have the desired properties.
∎
Matching frames are very handy, since they can make use of compatibility:
Lemma A.13**.**
If S matches Z, then for all M(R)∙N we have S{M}(R)∙Z{N}.
The last important property of frames is that it works nicely with respect to the reduction relation.
Lemma A.14**.**
If M⇝N, then ∣S{M}∣=∣S{N}∣ and for any k∈N and any frame S we have ∣S{M}∣k+1=∣S{N}∣k.
Moreover, ∣S{op(M0,M1,…)}∣n+1=op{∣S{M0}∣n,∣S{M1}∣n,…} (same for other effects).
We have the necessary tools to prove the following lemma.
Lemma A.15** (Key Lemma).**
For any n∈N we have: P…(R)∙R…⟹∣P…∣nQ((R)∙)∣R…∣ for any two closed terms P…, R… of type FA.
Proof.
We do an induction on n.
Base case, n=0. Here ∣M∣0=⊥ which is below any other tree. So ∣M∣0Q((R)∙)∣N∣ can be derived by using both reflexivity of Q((R)∙) (Lemma 5.3) and Lemma 5.8.
Induction step(n+1). We assume as the induction hypothesis that for any P…′(R)∙R…′ and k≤n we have ∣P…′∣kQ((R)∙)∣R…′∣. To prove, for any P…(R)∙R… we have ∣P…∣n+1Q((R)∙)∣R…∣.
Assume P…(R)∙R….
We use Lemma A.10 to find a frame S and an informative term P…′ such that P…=S{P…′}.
We then use Lemma A.12 to find matching frame Z together with a term R…′ such that:
Z{R…′}RR… and P…′(R)∙R…′.
We want to prove that ∣P…∣n+1=∣S{P…′}∣n+1Q((R)∙)∣Z{R…′}∣, since then with Z{R…′}RR… we can conclude via Lemma A.3 and simulation property that ∣P…∣n+1Q((R)∙)∣R…∣.
[TABLE]
We do a case distinction on P…′:C, which is informative, so not of the form M⋅V or M⋅i.
We start with the three unfold cases, where the S frame is actively used.
If P…′=return(V):C, which can only be of F-type, so the frame S must be ε as no other frames accept a term of this type. Hence P…′=P… and C=FA.
The matching frame Z must be ε too, ∣P…∣=∣P…′∣=η(V), and return(V)(R)∙R…′=Z{R…′}.
This is only possible from the return compatibility rule C7, meaning R…′=return(W) for some W and V(R)∙W. By Lemma 5.9 we have η(V)Q((R)∙)η(W), hence ∣S{P…}∣n+1=∣P…∣n+1=∣return(V)∣n+1=η(V)Q((R)∙)η(W)=∣return(W)∣=∣R…′∣=∣Z{R…′}∣.
2. 2.
If P…′=λx.M, then for S{P…′} to be of type FA, S must be of the form S′∘V.
Since S matches Z, Z=Z′∘W where S′ matches Z′ and V(R)∙W. The statement P…′=λx.M(R)∙R…′ could only have been derived via the lambda compatibility rule C11, so R…′=λx.N for some N where {x}⊢cM(R)∙N:D. By Lemma A.2 we have that M[V/x](R)∙N[W/x], so we can do the following derivation using the Lemma A.14 and the induction hypothesis:
P…′=⟨Mi∣i∈I⟩, then for S{P…′} to be of type FA, S must be of the form S′∘j.
Since S matches Z, Z=Z′∘j where S′ matches Z′. The statement P…′=⟨Mi∣i∈I⟩(R)∙R…′ could only have been derived via the lambda compatibility rule C17, so R…′=⟨Ni∣i∈I⟩ for some sequence of Ni-s, where ∀i.Mi(R)∙Ni. We can do the following derivation using Lemma A.14 and the induction hypothesis:
P…′=Mtox.N, then ∣P…′∣n+1≤∣M∣n[V↦∣N[V/x]∣n].
Hence ∣P…∣n+1≤∣M∣n[V↦∣S{N[V/x]}∣n]. Now P…′(R)∙R…′ results only from compatibility rule C8, hence R…′=M′tox.N′, M(R)∙M′ and x⊢N(R)∙N′.
So ∣Z{R…′}∣=∣M′∣[W↦∣Z{N′[W/x]}∣].
By induction hypothesis we have ∣M∣nQ((R)∙)∣M′∣ so define
t:=∣M∣n and r=∣M′∣.
From V(R)∙W we get via Lemma A.2 that N[V/x](R)∙N′[W/x], and since S and Z match we have S{N[V/x]}(R)∙Z{N′[W/x]} and hence by induction hypothesis we get ∣S{N[V/x]}∣nQ((R)∙)∣Z{N′[W/x]}∣.
So define
f:V↦∣S{N[V/x]}∣n and g:W↦∣Z{N′[W/x]}∣.
Now t,r,f,g satisfy the conditions of Cor. 5.10, so we conclude that:
P…′=force(V),
then since V is a closed value it must be of the form thunk(M) for some term M,
so P…′⇝M.
Now P…′(R)∙R…′ can only come from compatibility rule C10,
hence R…′=force(W) where V(R)∙W.
From HV we get thunk(M)=V(R)∙LRW for some L, the relation can only come from C9 so L=thunk(K) where M(R)∙K.
By simulation property of R we get force(thunk(K))Rforce(W)=R…′.
By Lemma A.9 we have Z{force(thunk(K))}RZ{R…′}, which then by FA-simulation property implies that ∣Z{K}∣=∣Z{force(thunk(K))}∣Q(RA)∣Z{R…′}∣.
Using the induction hypothesis on S{M}(R)∙Z{K} we get ∣S{M}∣nQ((R)∙)∣Z{K}∣. Combining this with ∣Z{K}∣=∣Z{force(thunk(K))}∣Q(R)∣Z{R…′}∣ using Lemma A.14 and A.3 we get
∣P…∣n+1=∣S{force(thunk(M))}∣n+1=∣S{M}∣nQ((R)∙)∣Z{R…′}∣.
6. 6.
P…′=caseVin{M,S(x)⇒N}:C, then P…′(R)∙R…′ is
only concluded from C4,
hence R…′ is of the form caseV′in{M′,S(x)⇒N′}
for which we have V(R)∙V′, M(R)∙M′ and {x}⊢cN(R)∙N′.
Since V(R)∙V′ we have V=V′ by Lemma A.4. We do a case distinction on V.
(a)
If V=Z=V′, then P…′⇝M
so by Lemma A.14∣P…∣n+1=∣S{M}∣n where since S matches Z,
by induction hypothesis and M(R)∙M′ we have
If V=S(W)=V′,
then P…′⇝N[W/x]
so by Lemma A.14∣P…∣n+1=∣S{N[W/x]}∣n
where by {x}⊢cN(R)∙N′ we have N[W/x](R)∙N′[W/x] (Lemma A.2).
By matching frames and induction hypothesis,
∣S{N[W/x]}∣nQ((R)∙)∣Z{N′[W/x]}∣=∣Z{R…′}∣.
7. 7.
P…′=letVbex.M:C.
The only premises for P…′(R)∙R…′ are given by C6,
from which we know R…′=letWbex.N, where V(R)∙W and {x}⊢M(R)∙N.
From this and Lemma A.2 we have M[V/x](R)∙N[W/x] hence by matching frames and induction hypothesis we get ∣S{M[V/x]}∣nQ((R)∙)∣Z{N[W/x]}∣.
We have P…′⇝M[V/x] hence by Lemma A.14∣P…∣n+1=∣S{M[V/x]}∣n, similarly ∣Z{R…′}∣=∣Z{N[W/x]}∣ so ∣P…∣n+1Q((R)∙)∣Z{R…′}∣.
8. 8.
P…′=fix(M):B→C, we have fix(M)(R)∙R…′ which can only be concluded from C19, hence R…′=fix(M′) where M(R)∙M′. Look at the term {x}⊢cN=x⋅thunk(fix(x)),
by reflexivity we have {x}⊢cN(R)∙N and hence by Lemma A.2 we have N[M/x](R)∙N[M′/x].
Using matching frames and induction hypothesis we can derive ∣S{N[M/x]}∣nQ((R)∙)∣Z{N[M′/x]}∣. Since P…⇝S{N[M/x]} we use Lemma A.14 to get
∣P…∣n+1=∣S{N[M/x]}∣n. Combining this with ∣Z{R…′}∣=∣Z{N[M′/x]}∣ we get the desired conclusion.
9. 9.
P…′=pmVas{…,(i.x).Mi,…}, then P…′(R)∙R…′ can only be from rule C14, hence R…′=pmWas{…,(i.x).Ni,…} where V(R)∙W and for each i we have {x}⊢cMi(R)∙Ni.
As a value from a sum-type, V and W must be of the shape (j,V′) and (k,W′) respectively, where by Lemma A.6 we have j=k and V′(R)∙W′.
Hence P…′⇝Mj[V′/x] and R…′⇝Nj[W′/x], where by Lemma A.2Mj[V′/x](R)∙Nj[W′/x].
We conclude that by induction hypothesis that
∣S{P…′}∣n+1=∣S{Mj[V′/x]}∣nQ((R)∙)∣Z{Nj[W′/x]}∣=∣Z{R…′}∣.
10. 10.
P…′=pmVas(x,y).M, then P…′(R)∙R…′ can only be from rule C16, hence
R…′=pmWas(x,y).N where V(R)∙W and {x,y}⊢cM(R)∙N.
As a value of pair-type, V and W must be of the shape (V0,V1) and (W0,W1) respectively, where by Lemma A.7 we have V0(R)∙W0 and V1(R)∙W1.
Hence P…′⇝M[V0/x,V1/y] and R…′⇝N[W0/x,W1/y], and by Lemma A.2M[V0/x,V1/y](R)∙N[W0/x,W1/y].
We conclude by Lemma A.14 and the induction hypothesis that:
P…′=op(M0,M1,...):C. Then P…′(R)∙R…′ can only be from C20, hence
R…′=op(M0′,M1′,...) where for all i, Mi(R)∙Mi′.
By matching frames and induction hypothesis, ∣S{Mi}∣nQ((R)∙)∣Z{Mi′}∣,
hence by Lemma A.14:
∣P…∣n+1=∣S{P…′}∣n+1=∣op(S{M0},S{M1},...)∣n+1=op{i↦∣S{Mi}∣n}Q((R)∙)op{i↦∣Z{Mi′}∣}=∣Z{R…′}∣ by Cor. 5.10 and Lemma A.14.
12. 12.
P…′=op(x.M):C where x:N⊢cM:C. Then P…′(R)∙R…′ can only be from C21, hence R…′=op(x.N) where M(R)∙N.
Hence for all k:N we have M[k/x](R)∙N[k/x]
and hence by matching frames and induction hypothesis ∣S{M[k/x]}∣nQ((R)∙)∣Z{N[k/x]}∣. Hence by Lemma A.14 and Cor. 5.10 it holds that
In the cases where P…′ is op(V,...), from compatibility rules C22 we know R…′=op(V′,...) where V(R)∙V′ hence V=V′. The rest of the proof is similar to case (xi).
That finishes the case distinction, so we know that for any shape of P…′ it holds that ∣S{P…′}∣n+1Q((R)∙)∣Z{R…′}∣. As was discussed before, this is sufficient in establishing that ∣P…∣n+1Q((R)∙)∣R…∣, and hence this finishes the induction step. So the proof by induction has been finished.
∎
We can conclude that M(R)∙N⇒∣M∣Q((R)∙)∣N∣ for closed terms of type FA. As such, we can conclude:
Lemma A.16** (Main Lemma).**
Given a Scott open and decompositional Q, then the Howe closure of a Q-simulation is a Q simulation.
In particular, the Howe’s closure of Q-similarity is a Q-simulation, and hence the Q-similarity itself.
Since the Howe’s closure of a preorder is itself compatible, we can can conclude that the Q-similarity is compatible.
We can now derive Theorem 5.11 as stated in Section 5.1, with the same method as in [28].
The bisimilarity part of this result is established using what is known as the transitive closure trick (see e.g. [28]).
Bibliography29
The reference list from the paper itself. Each links out to its DOI / PubMed record.
1[1] Samson Abramsky. The lazy λ 𝜆 \lambda -calculus. Research Topics in Functional Programming , pages 65–117, 1990.
2[2] A. Arnold and M. Nivat. Metric interpretations of infinite trees and semantics of non deterministic recursive programs. Theoretical Computer Science , 11(2):181 – 205, 1980.
3[3] Ugo Dal Lago, Francesco Gavazzo, and Paul Blain Levy. Effectful applicative bisimilarity: Monads, relators, and Howe’s method. Logic in Computer Science , pages 1–12, 2017.
4[4] Martín Hötzel Escardó. A metric model of PCF, 1999. In: Workshop on Realizability Semantics and Applications.
5[5] Matthias Felleisen and Daniel P. Friedman. Control operators, the secd-machine, and the [1]-calculus. Formal Description of Programming Concepts , pages 193–217, 1986.
6[6] Marcelo Fiore and Sam Staton. Substitution, jumps, and algebraic effects. In Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS) , CSL-LICS ’14, pages 41:1–41:10, New York, NY, USA, 2014. ACM.
7[7] Francesco Gavazzo. Quantitative behavioural reasoning for higher-order effectful programs: Applicative distances. LICS 2018 , 2018.
8[8] Ichiro Hasuo. Generic weakest precondition semantics from monads enriched with order. Theor. Comput. Sci. , 604(C):2–29, November 2015.