Electronic Notes in Theoretical Computer Science (1995) URL: http://www.elsevier.nl/locate/entcs/volume1.html 12 pages A fully abstract semantics for a nondeterministic functional language with monadic types Alan Je rey School of Cognitive and Computing Sciences University of Sussex, Brighton BN1 9QH, UK alanje@cogs.susx.ac.uk Abstract This paper presents a functional programming language, based on Moggi's monadic metalanguage In the rst part of this paper, we show how the language can be regarded as a monad on a category of signatures, and that the resulting category of algebras is equivalent to the category of computationally cartesian closed categories In the second part, we extend the language to include a nondeterministic operational semantics, and show that the lower powerdomain semantics is fully abstract for may-testing Introduction Moggi has proposed strong monads as an appropriate way to model computation In 9], he shows that any model of computation satisfying certain equations forms a strong monad His work concentrates on the denotational properties of programs, whereas we shall show how his work can be applied to an operational semantics In the rst section of this paper, we present a slight variant on his functional monadic metalanguage and show that its algebras are equivalent to strong monads with T -exponentials This language di ers from Moggi's in the way that pairing is handled, in particular our language has the properties: any closed term of unit type is (up to syntactic identity) the distinguished element , any closed term of pairing type is (up to syntactic identity) a pair (e f ), any closed term of function type is (up to syntactic identity) a -term x : e This work is funded by SERC project GR/H 16537, and is carried out in the context of Esprit BRA 7166 Concur c 1995 Elsevier Science B V Jeffrey Moggi's language has these properties, but only up to provable equality, and not syntactic identity Having these properties true up to syntactic identity is very useful in the second section, where we present an operational semantics for a monadic language with nondeterminism, and show that the fully abstract semantics for this language is given by a powerdomain semantics The operational semantics for the monadic language is much simpler than the call-by-value language, since the type structure allows ne control over the syntactic form of terms For example, the only operational rule required for function application is -reduction We not need any operational rules for which contexts reduction is allowed in, since this is taken care of by the type discipline The monadic type system also makes it easier to show full abstraction for the nondeterministic language, since it gives contexts more power over how expressions are evaluated Algebras In this section, we present three languages for data and computation, and show that their algebras correspond to well-known categorical structures 2.1 Algebraic datatypes A (many-sorted ) signature (ranged over by ) is a set of sorts (ranged over by A, B and C ) and a set of constructors (ranged over by c) together with a sorting c : A1 : : : An ! A A signature morphism is a mapping between sorts and constructors with respects sorting Let Sig be the category of signatures with signature morphisms Given a signature , we can de ne the language ST of syntax trees over as: e ::= j c(e1 : : : en) j (e e) j v v ::= x j v:l j v:r where x ranges over a set of variables We shall call expressions v lvalues We can give ST a static type system, with types: ::= I j A] j and type judgements of the form ` e : given by rules: `e: `f: ` :I ` (e f ) : ` e1 : A1] ` en : An] c : A1 : : : An ! A] ` c(e1 : : : en ) : A] `v:( ) `v:( ) ` v:l : ` v:r : `y: x: `x: x : ` y : x 6= y] where ranges over contexts of the form x1 : : : : xn : n Jeffrey Note that we are only allowing projections v:l and v:r on lvalues, and not on arbitrary terms, since this would not allow us to have the following useful properties: any term of type I is either an lvalue or , any term of type A] is either an lvalue or of the form c(e1 : : : en), and any term of type is either an lvalue or of the form (e f ) However, whenever ` e : , we can de ne ` e : and ` 0e : as syntactic sugar, e is either an lvalue or a pair: 0 v = v:l v = v:r (f g) = f (f g) = g ST is itself a signature, with types as sorts and judgements (x1 : : : : xn : n ` e : ) as constructors ~ ! , viewed up to the congruence given by (when y is fresh): ( ` x : I) = ( ` : I) ( ` (v:l v:r) : )=( ` v : ) 0 ( x: ` e : )=( y : ` e y=x] : ) Note that these equations only involve open terms, so closed terms are viewed up to syntactic identity Any signature morphism f : ! can be homomorphically extended to a signature morphism ST f : ST ! ST It is routine to verify that ST : Sig ! Sig is a functor Whenever ~x : ~ ` e : and ` f~ : ~ we can de ne the substitution ` e f~=~x] : by its action on lvalues (when x 6= y ): v:l f~=~x] = (v f~=~x]) v:r f~=~x] = 0(v f~=~x]) y f~ f=~x x] = y f~=~x] x f~ f=~x x] = f We can de ne : ! ST as the injection : A 7! A] (c : A1 : : : An ! A) 7! (x1 : A1] : : : xn : An] ` c(x1 : : : xn) : A]) and : ST2 ! ST as the substitution map given homomorphically by: ] 7! (~x : ~ ` e : )(f~) 7! e f~=~x] It is routine to verify that ST is a monad Since we have de ned by injection and by substitution, it is reasonable to view the denotational models for ST as being ST-algebras, that is a signature with a morphism ] : ST ! such that: ] = id ] = ST ]] ] The rst equation says that the denotation of each constructor in should be itself, and the second that the semantics respects substition, and so is denotational Let ST-Alg be the category of all ST-algebras, together with morphisms which respect ] Let CCat be the category of small categories with distinguished nite products, and functors which respect the product structure Proposition 2.1 ST-Alg is equivalent to CCat Jeffrey 2.2 Monadic metalanguage We shall now add a notion of computation to our language of data, using Moggi's 9] typed monadic language To this, we extend ST to the monadic metalanguage, MML by adding two new expression constructions: e ::= j e] j let x ( e in e These are: e] is a computation which immediately terminates with result e This is similar to `exit' in LOTOS 1], and `return' in Concurrent ML 13,14] let x ( e in f is a computation which evaluates e until it returns a value, which is then bound to x in f For example, let x ( zero] in succ x] is the same as succ zero] We also extend the type system by adding a new type constructor for computations: ::= j C and statically typing MML as: `e:C x: `f :C `e: ` e] : C ` let x ( e in f : C Then MML forms a monad in the same way as ST does, with the addition of Moggi's 9] axioms (when x is not free in g): ( ` let y ( f in g : C ) = ( ` let x ( f in g x=y] : C ) ( ` let x ( e] in f : C ) = ( ` f e=x] : C ) ( ` let x ( e in x] : C ) = ( ` e : C ) ( ` let y ( (let x ( e in f ) in g : C ) = ( ` let x ( e in (let y ( f in g) : C ) Let SMon be the category of small categories with strong monads, together with functors which respect the monadic structure The next proposition shows that the MML-algebras are precisely strong monads (hence the name `monadic metalanguage') This result is due largely to Moggi 9] Proposition 2.2 MML-Alg is equivalent to SMon 2.3 Partial functions We extend MML to the functional monadic metalanguage, MML by adding -binding and function application: e ::= j x : e j ee We also extend the type system by adding a new type constructor for functions: := j ! C and statically typing MML as: ` e : !C f : x : `e:C ` x:e : !C ` ef : C Jeffrey Note that we are only allowing functions to return computations, for example there is no type I ! I , only I ! C I This corresponds to our intuition that the only terms which involve computation are terms of type C , and this would not be true if we allowed functions to return arbitrary type This restriction also allows us to show that: any term of type ! C is either an lvalue or of the form x : e Note that we have no similar result about terms of type C Then MML forms a monad in the same way as MML does, with the addition of the standard , and axioms for functions (when y is not free in e): ( ` x : e : ! C ) = ( ` y : e y=x] : ! C ) ( ` ( x : e)f : C ) = ( ` e f=x] : C ) ( ` y : (ey) : ! C ) = ( ` e : ! C ) A category C is computationally cartesian closed i it has a strong monad T : C ! C, and for each objects X and Y there is an object TY X such that there is a natural isomorphism: curry : C X Y TZ ] ! C X TZ Y ] Let CCCC be the category of small computationally cartesian closed categories together with functors which respect the monadic and T -exponential structure Proposition 2.3 MML -Alg is equivalent to CCCC Nondeterminism In this section, we extend the monadic metalanguage with the structure of a nondeterministic programming language We present an operational semantics for this language, and show that a powerdomain semantics is fully abstract for may-testing for this language 3.1 Syntax A signature has booleans i it has a sort bool with constructors true false : !bool A signature has deconstructors i it has a set of deconstructors ranged ~ over by d with sorting d : A ! A Let SigBD be the category of signatures with booleans and deconstructors, together with morphisms which respect the booleans, constructors, deconstructors, and sorting Given a signature with deconstructors and booleans, the nondeterministic monadic metalanguage NMML extends MML with expressions: e ::= j if e then e else e j d~e j j e e j x(x = e) Jeffrey and type judgements: ` e : bool] `f :C `g:C ` if e then f else g : C ` en : An] d : A : : : An ! A] `e : A ] ` d(e : : : en) : C A] `e:C `f :C ` :C `e2f :C 1 1 x:C `e:C ` x(x = e) : C Note that deconstructors and if-statements are of computation type 3.2 Operational semantics In order to give an operational semantics for NMML , we need an operational semantics for the deconstructors of This is given as a higher-order unlabeled value production system, that is: { e0, and an internal transition relation e ! p a termination relation e ! e0 such that: { e0 then ` e : C and ` e0 : C for some , if e p! ifpe ! e0 then ` e : C and ` e0 : for some , ! isp deterministic, and { if e ! then e ! Given an operational semantics for terms of the form d~e, we can extend it to an operational semantics for closed terms of NMML with: p e e] ! e let x ( e in f p !{{ e ! let x ( e in f e !g { f g=x] let x ( e in f ! 0 !f !g if true then f else g { if false then f else g { !{ e f=x] x(x = e) !{ e x(x = e)=x] { f { e f ! e !e f !f e ! { { { { f] e2f !e 2f e2f !e2f e2f ! e] e2f ! A (higher order, weak ) simulation on NMML is a type-indexed family of relations R f(e f ) j ` e f : g such that: if e R A f then e = f if (e e ) R (f f ) then e R f and e R f , if ( x : e) R C ( y : f ) then for all ` g : we have e g=x] RC f g=y], { e then f ! { f and e R f , and if e RC f and e ! C { if e RC f and e ! e then f ! ! f and e R f ( x : e)f p 0 p 0 0 ] 0 0 ! p 0 p 0 0 0 Jeffrey A bisimulation is a weak simulation whose inverse is a weak simulation Write j= = : i there is a bisimulation R such that R Write : j= = : i for every ` : we have j= ]= ]: Howe 6] has shown a technique for proving that simulation for a class of lazy functional languages is substitutive In an unpublished paper 5], Howe has also shown that bisimulation is a congruence (this result was communicated to the author by Andy Pitts) This technique can be used to show that bisimulation is a congruence for NMML Proposition 3.1 Bisimulation is a congruence for NMML We can show that NMML forms a signature in the same way as MML , except that we view terms up to bisimulation It is routine to verify that NMML is a monad on SigBD Any NMML-algebra is an MML -algebra since we can exhibit bisimulations for (when is not free in ): j= = : j= ( l r) = : j= let ( ] in = ]:C j= let ( in ] = : C j= let ( (let ( in ) in = let ( in (let ( in ) : C j= ( ) = ]:C j= ( )= : !C For any ` : , de ne the may-testing preorder as j= vO : i ] =) implies ] =) for any closing context of type C e f e f ~ g ~ e ~ g =~ x f y x v: x x y x e e e f v: p C e e f e g I f x f e=x e g gy x e y f g e f =x g e p C f ~ v x :e f y : ~ x f ~ g =~ x C f I 3.3 Denotational semantics Let Alg be the category of algebraic dcpo's, together with continuous morphisms (we are not requiring dcpo's to have least elements) Let Alg be the category of algebraic dcpo's with all nite joins, together with continuous morphisms which respect the joins Let P : Alg ! Alg be the lower powerdomain functor given by the adjunction Alg F! Alg U! Alg This forms Sa strong monad with P -exponentials, where X = f g : X ! P X and : P 2X ! X (Note that these exponentials exist even though Alg is X = not cartesian closed, since we are only considering functions whose target is an object in Alg ) Alg is a signature with booleans and deconstructors, since it has objects as sorts, morphisms f : X1 Xn ! X as constructors, morphisms f : X1 Xn ! P X as deconstructors, and a sort + with constructors : ! + Since P is a strong monad on Alg with P -exponentials, we therefore have a denotational semantics ] : MML Alg ! Alg given by Proposition 2.3.The semantics for NMML Alg extends this with: ` : C ] =? ` e f : C ] = ` e : C ]] _ `f :C ] ` x(x = e) : C ] = the least xed pt of f 7! hid f i x : C ` e : C ]] ` if e then f else g : C ] = hid ` e : bool]]]i dist `f :C ] ` g C ]] ?_ ?_ ?_ Jeffrey where dist : X (1 + 1) ! X + X is the distributivity morphism For any , if there is a morphism ] : ! Alg then we can extend this to NMML as: NMML NMML ! NMML ]] Alg ! ]] Alg A semantics ] : ! Alg is adequate i : p _ ` d~e : C A]]] = f ` f ] : C A]]] j d~e =) f g A semantics ] : ! Alg is expressive i for any compact a A] we can nd terms isa and testa such that: ` isa : A]]] = a ` testa : A] ! C I ] = (a ) ?) A semantics ] : NMML ! Alg is correct i : `e: ] ` f : ]] implies j= e vO f : The semantics for NMML is fully abstract i : `e: ] ` f : ]] i j= e vO f : The rest of this section shows that if a semantics for is adequate then its extension to NMML is correct, and that if a semantics for is adequate and expressive, then its extension to NMML is fully abstract 3.4 Program logic In order to show the relationship between the operational and denotational semantics of NMML , we shall use a program logic similar to that used by Abramsky 2] and Ong 11] in modelling the untyped -calculus, based on Abramsky's 3] domain theory in logical form This logic is similar to Ong's 10] logic for an untyped nondeterministic calculus Since we are looking at may-testing rather than simulation, we only have conjunction in the logic, and not disjunction, and only one modality rather than two The program logic for NMML has propositions: ::= j ( ) j jaj j ! j ^ j ] j ) These can be statically typed, so the propositions for type are those where :L : :L :L : LI ( ) : L( ) jaj : L A] : L(C ) a A]] a is compact] : L(C ) :L ! : L(C ) ^ : L(C ) ] : L(C ) : L( ! C ) : L( ! C ) :L : L(C ) ! : L( ! C ) ^ : L( ! C ) ) : L( ! C ) Jeffrey The operational characterization of the logic has judgements j= e : given by: j= e : j= f : a ` e : A]]] j= : j= (e f ) : ( ) j= e : jaj j= e : j= e : j= e : ! j= e : ^ p e ! e0 j= e0 : e ! f j= f : 8j= f : : j= ef : j= e : j= f : ] j= e : ) This can be generalized to open terms as: ~x : ~ j= e : i 8j= f~ : ~ : j= e f~=~x] : { Let range over propositional contexts of the form x1 : : : : x : , and write : L for: (x1 : : : : x : ) : L(x1 : : : : x : ) i : L : : : : L n n n n n n n n We can also de ne a denotational semantics for propositions, so that if : L then ]] ] : ]=? ( !] = ? Whenever ( 1] : : : n ^ : L , we can de ne ]) Proposition 3.2 jaj]] =a ]]] = ] )]] = ( ] ] ) ] = ]] _ ] ] a ] is compact i ]] = ] ) ] ) ] as: x1 : : L : a = ] ::: x : n n ] = 3.5 Proof system In order to relate the denotational and operational characterizations of the program logic, we shall use an intermediate proof system This is a sequent calculus with judgements of the form ` e : where ` e : , : L and :L Let be the preorder on propositions given by: ! is the top element, and ( ^ ) is meet ( ), ] and ( ) ) are monotone ( ) ) preserves ! and ^ j j and ( ) ) are anti-monotone Proposition 3.3 i ]] ] Jeffrey We can then de ne the proof system for NMML as: ] ` c~e : A]]] ] ] ` d~e : C A]]] ] ` c~e : ` d~e : `e: `x: ] `e: x: `x: y : ` x : x 6= y] `e: `f : ` : ` (e f ) : ( ) `e: `e: `e:! `e: ^ `e: `e: ] x: `f : ` e] : ] ` let x ( e in f : x: `e: `e: ) `f : `e: `f : ` x:e: ) ` ef : `e2f : ^ ` e : jtj `f: ` e : jf j `g: ` if e then f else g : ` if e then f else g : ` x(x = e) : x: `e: ` x(x = e) : Note that all of the structural rules for the proof system, such as weakening and contraction, have been absorbed into the de nition of Proposition 3.4 `e: i ] ` e : ]] ] 3.6 Full abstraction We can now show that the semantics for NMML is fully abstract We begin by showing that if is expressive, then so is NMML Let term be de ned: termI = term ( ) = (term term ) term A jaj = isa termC ! = termC ( ^ ) = termC termC termC ] = term ] term !C ! = x : term !C ( ^ ) = x : (term !C )x (term !C )x termI !C ( ) ) = x : termC term !C (( ) ) ) = x : let y ( (term !C I ( ) ]))(x:l) in(term !C ( ) ))(x:r) term A !C (jaj ) ) = x : let y ( (testax) in termC term !C (! ) ) = x : termC 10 ] ] Jeffrey term !C ( ) = x : let y ( term !C I ( ) ])x in term !C ( ) )x termC !C ( ] ) ) = x : let y ( x in term !C y term !C !C (( ) ) ) ) = x : (termC !C ( ) ))(x(term )) We can then verify that: ] = ` term : ] This expressivity result is used in showing that the semantics for NMML is fully abstract The relationship between expressivity and full abstraction has been long known 8,12] In Section 3.5 we showed that the denotational characterization and proof system for the program logic were equivalent: `e: i ] `e: ] ] We can extend this to show (as long as the semantics for is adequate and expressive) that: ` e : implies j= e : implies ]] `e: ] ] and so the operational characterization of the program logic is equivalent to the denotational characterization and to the proof system From this we prove full abstraction ( ^ ) ) Theorem 3.5 (full abstraction) (i) If a semantics for is adequate, then its extension to NMML is correct (ii) If a semantics for is expressive and adequate then its extension to NMML is fully abstract Further work The results given here are part of a larger paper 7], which builds on the results presented here to give an operational and fully abstract denotational semantics for a typed higher-order concurrent language based on Concurrent ML The techniques presented here can be applied to concurrent systems, and in particular the program logic for the concurrent language is a modal logic similar to Hennessy's program logic for untyped higher-order concurrency 4] The author is currently working on applying these techniques to the ISO communications protocol speci cation language LOTOS 1], as part of the development of an extended LOTOS standard Acknowledgement Many thanks to Bill Ferreira, Matthew Hennessy, and Edmund Robinson for long discussions on this material Thanks to Andy Pitts for pointing out the proof that higher-order bisimulation is a congruence 11 Jeffrey References 1] ISO 8807 LOTOS|A formal description technique based on the temporal ordering of observational behaviour, 1989 2] Samson Abramsky The lazy lambda calculus In David Turner, editor, Declarative Programming Addison-Wesley, 1989 3] Samson Abramsky Domain theory in logical form Ann Pure Appl Logic, 51:1{77, 1991 4] Matthew Hennessy A denotational model for higher-order processes Technical Report 6/92, University of Sussex, 1992 5] Douglas Howe Proving congruence of simulation orderings in functional languages Unpublished manuscript, 1989 6] Douglas J Howe Equality in lazy computation systems In Proc LICS 89, pages 198{203, 1989 7] Alan Je rey A fully abstract semantics for a higher-order functional conurrent language Technical report, University of Sussex, 1994 In preparation 8] Robin Milner Fully abstract semantics of typed -calculi Theoret Comput Sci., 4:1{22, 1977 9] Eugenio Moggi Notions of computation and mondad Inform and Computing, 93:55{92, 1991 10] C.-H L Ong Non-determinism in a functional setting In Proc LICS 93, pages 275{286 IEEE Computer Soc Press, 1993 11] C.-H Luke Ong The Lazy Lambda Calculus: An Investigation into the Foundations of Functional Programming PhD thesis, Imperial College, London University, 1988 12] Gordon Plotkin LCF considered as a programming language Theoret Comput Sci., 5:223{256, 1977 13] J H Reppy A higher-order concurrent langauge In Proc SIGPLAN 91, pages 294{305, 1991 14] J H Reppy Higher-Order Concurrency Ph.D thesis, Cornell University, 1992 12 ... present an operational semantics for a monadic language with nondeterminism, and show that the fully abstract semantics for this language is given by a powerdomain semantics The operational semantics. .. monadic metalanguage with the structure of a nondeterministic programming language We present an operational semantics for this language, and show that a powerdomain semantics is fully abstract. .. three languages for data and computation, and show that their algebras correspond to well-known categorical structures 2.1 Algebraic datatypes A (many-sorted ) signature (ranged over by ) is a set