Behavioural Equivalence via Modalities for Algebraic Effects
 4 Citations
 1 Mentions
 7k Downloads
Abstract
The paper investigates behavioural equivalence between programs in a callbyvalue functional language extended with a signature of (algebraic) effecttriggering operations. Two programs are considered as being behaviourally equivalent if they enjoy the same behavioural properties. To formulate this, we define a logic whose formulas specify behavioural properties. A crucial ingredient is a collection of modalities expressing effectspecific aspects of behaviour. We give a general theory of such modalities. If two conditions, openness and decomposability, are satisfied by the modalities then the logically specified behavioural equivalence coincides with a modalitydefined notion of applicative bisimilarity, which can be proven to be a congruence by a generalisation of Howe’s method. We show that the openness and decomposability conditions hold for several examples of algebraic effects: nondeterminism, probabilistic choice, global store and input/output.
1 Introduction
The notion of behavioural equivalence between programs is a fundamental concept in the theory of programming languages. A conceptually natural approach to defining behavioural equivalence is to consider two programs as being equivalent if they enjoy the same ‘behavioural properties’. This can be made precise by specifying a behavioural logic whose formulas express behavioural properties. Two programs M, N are then defined to be equivalent if, for all formulas \(\varPhi \), it holds that \(M~\models ~ \varPhi \) iff \(N~\models ~\varPhi \) (where \(M \, \models \, \varPhi \) expresses the satisfaction relation: program M enjoys property \(\varPhi \)).
This logical approach to defining behavioural equivalence has been particularly prominent in concurrency theory, where the classic result is that the equivalence defined by HennessyMilner logic [4] coincides with bisimilarity [14, 17]. The aim of the present paper is to adapt the logical approach to the very different computational paradigm of applicative programming with effects.
More precisely, we consider a callbyvalue functional programming language with algebraic effects in the sense of Plotkin and Power [21]. Broadly speaking, effects are those aspects of computation that involve a program interacting with its ‘environment’; for example: nondeterminism, probabilistic choice (in both cases, the choice is deferred to the environment); input/output; mutable store (the machine state is modified); control operations such as exceptions, jumps and handlers (which interact with the continuation in the evaluation process); etc. Such general effects collectively enjoy common properties identified in the work of Moggi on monads [15]. Among them, algebraic effects play a special role. They can be included in a programming language by adding effecttriggering operations, whose ‘algebraic’ nature means that effects act independently of the continuation. From the aforementioned examples of effects, only jumps and handlers are nonalgebraic. Thus the notion of algebraic effect covers a broad range of effectful computational behaviour. Callbyvalue functional languages provide a natural context for exploring effectful programming. From a theoretical viewpoint, other programming paradigms are subsumed; for example, imperative programs can be recast as effectful functional ones. From a practical viewpoint, the combination of effects with callbyvalue leads to the natural programming style supported by impure functional languages such as OCaml.
In order to focus on the main contributions of the paper (the behavioural logic and its induced behavioural equivalence), we instantiate “callbyvalue functional language with algebraic effects” using a very simple language. Our language is a simplytyped \(\lambda \)calculus with a base type of natural numbers, general recursion, callbyvalue function evaluation, and algebraic effects, similar to [21]; although, for technical convenience, we adopt the (equivalent) formulation of finegrained callbyvalue [13]. The language is defined precisely in Sect. 2. Following [8, 21], an operational semantics is given that evaluates programs to effect trees.
Section 3 introduces the behavioural logic. In our impure functional setting, the evaluation of a program of type \(\tau \) results in a computational process that may or may not invoke effects, and which may or may not terminate with a return value of type \(\tau \). The key ingredient in our logic is an effectspecific family \(\mathcal {O}\) of modalities, where each modality \(o \in \mathcal {O}\) converts a property \(\phi \) of values of type \(\tau \) to a property \(o\,\phi \) of general programs (called computations) of type \(\tau \). The idea is that such modalities capture all relevant effectspecific behavioural properties of the effects under consideration.
A main contribution of the paper is to give a general framework for defining such effect modalities, applicable across a wide range of algebraic effects. The general setting is that we have a signature \(\varSigma \) of effect operations, which determines the programming language, and a collection \(\mathcal {O}\) of modalities, which determines the behavioural logic. In order to specify the semantics of the logic, we require each modality to be assigned a set of unittype effect trees, which determines the meaning of the modality. Several concrete examples and a detailed general explanation are given in Sect. 3.
In Sect. 4, we consider the relation of behavioural equivalence between programs determined by the logic. A fundamental wellbehavedness property is that any reasonable program equivalence should be a congruence with respect to the syntactic constructs of the programming language. Our main theorem (Theorem 1) is that, under two conditions on the collection \(\mathcal {O}\) of modalities, which hold for all the examples of effects we consider, the logically induced behavioural equivalence is indeed a congruence.
In order to prove Theorem 1, we develop an alternative perspective on behavioural equivalence, which is of interest in its own right. In Sect. 5 we show how the modalities \(\mathcal {O}\) determine a relation of applicative \(\mathcal {O}\)bisimilarity, which is an effectsensitive version of Abramsky’s notion of applicative bisimilarity [1]. Theorem 2 shows that applicative \(\mathcal {O}\)bisimilarity coincides with the logically defined relation of behavioural equivalence.
The proof of Theorem 1 is then concluded in Sect. 6, where we use Howe’s method [5, 6] to show that applicative \(\mathcal {O}\)bisimilarity is a congruence. Although the proof is technically involved, we give only a brief outline, as the details closely follow the recent paper [9], in which Howe’s method is applied to an untyped language with general algebraic effects.
In Sect. 7, we present a variation on our behavioural logic, in which we make the syntax of logical formulas independent of the syntax of the programming language.
Finally, in Sect. 8 we discuss related and further work.
2 A Simple Programming Language
As motivated in the introduction, our chosen base language is a simplytyped callbyvalue functional language with general recursion and a ground type of natural numbers, to which we add (algebraic) effecttriggering operations. This means that our language is a callbyvalue variant of PCF [20], extended with algebraic effects, resulting in a language similar to the one considered in [21]. In order to simplify the technical treatment of the language, we present it in the style of finegrained callbyvalue [13]. This means that we make a syntactic distinction between values and computations, representing the static and dynamic aspects of the language respectively. Furthermore, all sequencing of computations is performed using a single language construct, the \(~\mathbf{let }~\) construct. The resulting language is straightforwardly intertranslatable with the more traditional callbyvalue formulation. But the encapsulation of all sequencing within a single construct has the benefit of avoiding redundancy in proofs.
Our types are just the simple types obtained by iterating the function type construction over two base types: \(\mathbf N \) of natural numbers, and also a unit type \(\mathbf {1}\).
Types: \(\tau ,\rho :\,\!:= ~ \mathbf {1}\)  \(\mathbf N \)  \(\rho \rightarrow \tau \)
Contexts: \(\varGamma :\,\!:= ~ \emptyset \)  \(\varGamma , \,x : \tau \)
As usual, term variables x are taken from a countablyinfinite stock of such variables, and the context \(\varGamma , \, x : \tau \) can only be formed if the variable x does not already appear in \(\varGamma \).
As discussed above, program terms are separated into two mutually defined but disjoint categories: values and computations.
Values: \(V,W :\,\!:= ~ *\)  Z  S(V)  \(\lambda x.M\)  x
Computations: \(M,N :\,\!:= ~VW\)  return V  let \(M \Rightarrow x\) in N  fix (V) 
case V in \(\{Z \Rightarrow M, S(x) \Rightarrow N\}\)
Here, \(*\) is the unique value of the unit type. The values of the type of natural numbers are the numerals represented using zero Z and successor S. The values of function type are the \(\lambda \)abstractions. And a variable x can be considered a value, because, under the callbyvalue evaluation strategy of the language, it can only be instantiated with a value.
The computations are: function application VW; the computation that does nothing but return a value V; a \({~\mathbf{let }~}\) construct for sequencing; a \(\mathbf{fix }\) construct for recursive definition; and a \(\mathbf{case }\) construct that branches according to whether its naturalnumber argument is zero or positive. The computation \(~\mathbf{let }~M~\Rightarrow ~x~\mathbf{in }~N\) implements sequencing in the following sense. First the computation M is evaluated. Only in the case that the evaluation of M terminates, with return value V, does the thread of execution continue to N. In this case, the computation N[V/x] is evaluated, and its return value (if any) is the one returned by the \(~\mathbf{let }~\) construct.
Effects: \(\sigma (M_0,M_1,\dots ,M_{n1})\)  \(\sigma (V;M_0,M_1,\dots ,M_{n1})\)  \(\sigma (V)\)  \(\sigma (W;V)\)
Motivating examples of effect operations and their computation terms can be found in Examples 0–5 below.
The terms of type \(\tau \) are the values and computations generated by the constructors above. Every term has a unique aspect as either a value or computation. We write \(\textit{Val}(\tau )\) and \(\textit{Com}(\tau )\) respectively for closed values and computations. So the closed terms of \(\tau \) are \(\textit{Term}(\tau ) = \textit{Val}(\tau ) \cup \textit{Com}(\tau )\). For \(n \in \mathbb {N}\) a natural number, we write \(\overline{n}\) for the numeral \(S^n(Z)\), hence \(Val(\mathbf N ) := \{\overline{n} \,\, n \in \mathbb {N}\}\).
We now consider some standard signatures of computationally interesting effect operations, which will be used as running examples throughout the paper. (We use the same examples as in [8].)
Example 0
(Pure functional computation). This is the trivial case (from an effect point of view) in which the signature \(\varSigma \) of effect operations is empty. The resulting language is a callbyvalue variant of PCF [20].
Example 1
(Error). We take a set of error labels E. For each \(e \in E\) there is an effect operator \(\textit{raise}_e: \alpha ^0 \rightarrow \alpha \) which, when invoked by the computation \(\textit{raise}_e()\), aborts evaluation and outputs e as an error message.
Example 2
(Nondeterminism). There is a binary choice operator \(\textit{or}: \alpha ^2 \rightarrow \alpha \) which gives two options for continuing the computation. The choice of continuation is under the control of some external agent, which one may wish to model as being cooperative (angelic), antagonistic (demonic), or neutral.
Example 3
(Probabilistic choice). Again there is a single binary choice operator \(\textit{por}: \alpha ^2 \rightarrow \alpha \) which gives two options for continuing the computation. In this case, the choice of continuation is probabilistic, with a \(\frac{1}{2}\) probability of either option being chosen. Other weighted probabilistic choices can be programmed in terms of this fair choice operation.
Example 4
(Global store). We take a set of locations L for storing natural numbers. For each \(l \in L\) we have \(\textit{lookup}_l: \alpha ^\mathbf{N } \rightarrow \alpha \) and \(\textit{update}_l: \mathbf N \times \alpha \rightarrow \alpha \). The computation \(\textit{lookup}_l(V)\) looks up the number at location l and passes it as an argument to the function V, and \(\textit{update}_l(\overline{n};M)\) stores n at l and then continues with the computation M.
Example 5
(Input/output). Here we have two operators, \(\textit{read}: \alpha ^\mathbf{N } \rightarrow \alpha \) which reads a number from an input channel and passes it as the argument to a function, and \(\textit{write}: \mathbf N \times \alpha \rightarrow \alpha \) which outputs a number (the first argument) and then continues as the computation given as the second argument.
We next present an operational semantics for our language, under which a computation term evaluates to an effect tree: essentially, a coinductively generated term using operations from \(\varSigma \), and with values and \(\bot \) (nontermination) as the generators. This idea appears in [8, 21], and our technical treatment follows approach of the latter, adapted to callbyvalue.
Stacks \(S :\,\!:= ~ \textit{id} \;\;  \;\; S \circ ({~\mathbf{let }~}~() \Rightarrow x~\mathbf{ in }~M)\)
Definition 1
An effect tree (henceforth tree), over a set X, determined by a signature \(\varSigma \) of effect operations, is a labelled and possibly infinite tree whose nodes have the possible forms.
 1.
A leaf node labelled with \(\bot \) (the symbol for nontermination).
 2.
A leaf node labelled with x where \(x \in X\).
 3.
A node labelled \(\sigma \) with children \(t_0,\dots , t_{n1}\), when \(\sigma \in \varSigma \) has arity \(\alpha ^n \rightarrow \alpha \).
 4.
A node labelled \(\sigma \) with children \(t_0,t_1,\dots \), when \(\sigma \in \varSigma \) has arity \(\alpha ^\mathbf{N } \rightarrow \alpha \).
 5.
A node labelled \(\sigma _m\) where \(m \in \mathbb {N}\) with children \(t_0,\dots , t_{n1}\), when \(\sigma \in \varSigma \) has arity \(\mathbf N \times \alpha ^n \rightarrow \alpha \).
 6.
A node labelled \(\sigma _m\) where \(m \in \mathbb {N}\) with children \(t_0,t_1,\dots \), when \(\sigma \in \varSigma \) has arity \(\mathbf N \times \alpha ^\mathbf{N } \rightarrow \alpha \).
We write TX for the set of trees over X. We define a partial ordering on TX where \(t_1 \le t_2\), if \(t_1\) can be obtained by replacing subtrees of \(t_2\) by \(\bot \). This forms an \(\omega \)complete partial order, meaning that every ascending sequence \(t_1 \le t_2 \le \dots \) has a least upper bound \(\bigsqcup _n t_n\). Let \(\textit{Tree}(\tau ) := T\textit{Val}(\tau )\), we will define a reduction relation from computations to trees of values.
Given \(f: X \rightarrow Y\) and a tree \(t \in TX\), we write \(t[x \mapsto f(x)] \in TY\) for the tree whose leaves \(x \in X\) are renamed to f(x). We have a function \(\mu : TTX \rightarrow TX\), which takes a tree r of trees and flattens it to a tree \(\mu r \in TX\), by taking the labelling tree at each non\(\bot \) leaf of r as the subtree at the corresponding node in \(\mu r\). The function \(\mu \) is the multiplication associated with the monad structure of the T operation. The unit of the monad is the map \(\eta : X \rightarrow TX\) which takes an element \(x \in X\) and returns a leaf labelled x.
The operational mapping from a computation \(M \in \textit{Com}(\tau )\) to an effect tree is defined intuitively as follows. Start evaluating the M in the empty stack \(\textit{id}\), until the evaluation process (which is deterministic) terminates (if this never happens the tree is \(\bot \)). If the evaluation process terminates at a configuration of the form \((\textit{id}, \mathbf{return }\ V)\) then the tree is the leaf V. Otherwise the evaluation process can only terminate at a configuration of the form \((S, \sigma (\dots ))\) for some effect operation \(\sigma \in \varSigma \). In this case, create an internal node in the tree of the appropriate kind (depending on \(\sigma \)) and continue generating each child tree of this node by repeating the above process by evaluating an appropriate continuation computation, starting from a configuration with the current stack S.
Example 3
3 Behavioural Logic and Modalities
 (C1)

The logic should express only ‘behaviourally meaningful’ properties of programs. This guides us to build the logic upon primitive notions that have a direct behavioural interpretation according to a natural understanding of program behaviour.
 (C2)

The logic should be as expressive as possible within the constraints imposed by criterion (C1).
For every type \(\tau \), we define a collection \(\textit{VF}(\tau )\) of value formulas, and a collection \(\textit{CF}(\tau )\) of computation formulas, as motivated above.
Since boolean logical connectives say nothing themselves about computational behaviour, it is a reasonable general principle that ‘behavioural properties’ should be closed under such connectives. Thus, in keeping with criterion (C2), which asks for maximal expressivity, we close each set \(\textit{CF}(\tau )\) and \(\textit{VF}(\tau )\), of computation and value formulas, under infinitary propositional logic.
In addition to closure under infinitary propositional logic, each set \(\textit{VF}(\tau )\) contains a collection of basic value formulas, from which compound formulas are constructed using (infinitary) propositional connectives.^{1} The choice of basic formulas depends on the type \(\tau \).
For the unit type, we do not require any basic value formulas. The unit type has only one value, \(*\). The two subsets of this singleton set of values are defined by the formulas \(\bot \) (‘falsum’, given as an empty disjunction), and \(\top \) (the truth constant, given as an empty conjunction).
It remains to explain how the basic computation formulas in \(\textit{CF}(\tau )\) are formed. For this we require a given set \(\mathcal {O}\) of modalities, which depends on the algebraic effects contained in the language. The basic computation formulas in \(\textit{CF}(\tau )\) then have the form \(o\,\phi \), where \(o \in \mathcal {O}\) is one of the available modalities, and \(\phi \) is a value formula in \(\textit{VF}(\tau )\). Thus a modality ‘lifts’ properties of values of type \(\tau \) to properties of computations of type \(\tau \).
In order to give semantics to computation formulas \(o\, \phi \), we need a general theory of the kind of modality under consideration. This is one of the main contributions of the paper. Before presenting the general theory, we first consider motivating examples, using our running examples of algebraic effects.
Example 0
Example 1
Example 2
Example 3
Example 4
Example 5
We call our main behavioural logic \(\mathcal {V}\), where the letter \(\mathcal {V}\) is chosen as a reference to the fact that the basic formula at function type specifies function behaviour on individual value arguments V.
Definition 2
(The logic \(\mathcal {V}\)). The classes \(\textit{VF}(\tau )\) and \(\textit{CF}(\tau )\) of value and computation formulas, for each type \(\tau \), are mutually inductively defined by the rules in Fig. 2. In this, I can be instantiated to any set, allowing for arbitrary conjunctions and disjunctions. When I is \(\emptyset \), we get the special formulas \(\top = \bigwedge _{\emptyset }\) and \(\bot = \bigvee _{\emptyset }\). The use of arbitrary index sets means that formulas, as defined, form a proper class. However, we shall see below that countable index sets suffice.
We end this section by revisiting our running examples, and showing, in each case, that the example modalities presented above are all specified by suitable interpretation functions \(\llbracket \cdot \rrbracket : \mathcal {O} \rightarrow \mathcal {P}(T \mathbf {1})\).
Example 0
Example 1
Example 2
Example 3
Example 4
Example 5
4 Behavioural Equivalence
The goal of this section is to precisely formulate our main theorem: under suitable conditions, the behavioural equivalence determined by the logic \(\mathcal {V}\) of Sect. 3 is a congruence. In order to achieve this, it will be useful to consider the positive fragment \(\mathcal {V}^+\) of \(\mathcal {V}\).
Definition 3
(The logic \(\mathcal {V}^+\)). The logic \(\mathcal {V}^+\) is the fragment of \(\mathcal {V}\) consisting of those formulas in \(\textit{VF}(\tau )\) and \(\textit{CF}(\tau )\) that do not contain negation.
Whenever we have a logic \(\mathcal {L}\) whose value and computation formulas are given as subcollections \(\textit{VF}_\mathcal {L}(\tau ) \subseteq \textit{VF}(\tau )\) and \(\textit{CF}_\mathcal {L}(\tau ) \subseteq \textit{CF}(\tau )\), then \(\mathcal {L}\) determines a preorder (and hence also an equivalence relation) between terms of the same type and aspect.
Definition 4
In the case that formulas in \(\mathcal {L}\) are closed under negation, it is trivial that the preorder \(\sqsubseteq _{\mathcal {L}}\) is already an equivalence relation, and hence coincides with \(\equiv _{\mathcal {L}}\). Thus we shall only refer specifically to the preorder \(\sqsubseteq _{\mathcal {L}}\), for fragments, such as \(\mathcal {V}^+\), that are not closed under negation.
The two main relations of interest to us in this paper are the primary relations determined by \(\mathcal {V}\) and \(\mathcal {V}^+\): full behavioural equivalence \(\equiv _{\mathcal {V}}\); and the positive behavioural preorder \(\sqsubseteq _{\mathcal {V}^+}\) (which induces positive behavioural equivalence \(\equiv _{\mathcal {V}^+}\)).
We next formulate the appropriate notion of (pre)congruence to apply to the relations \(\equiv _{\mathcal {V}}\) and \(\sqsubseteq _{\mathcal {V}^+}\). These two preorders are examples of welltyped relations on closed terms. Any such relation can be extended to a relation on open terms in the following way. Given a welltyped relation \(\mathcal {R}\) on closed terms, we define the open extension \(\mathcal {R}^{\circ }\) where \(\varGamma \vdash M \mathcal {R}^{\circ } N : \tau \) precisely when, for every welltyped vector of closed values \(\overrightarrow{V} : \varGamma \), it holds that \(M[\overrightarrow{V}] \,\mathcal {R}\, N[\overrightarrow{V}]\). The correct notion of precongruence for a welltyped preorder on closed terms, is to ask for its open extension to be compatible in the sense of the definition below; see, e.g., [10, 19] for further explanation.
Definition 5
(Compatibility). A welltyped open relation \(\mathcal {R}\) is said to be compatible if it is closed under the rules in Fig. 3.
We now state our main congruence result, although we have not yet defined the conditions it depends upon.
Theorem 1
If \(\mathcal {O}\) is a decomposable set of Scottopen modalities then the open extensions of \(\equiv _{\mathcal {V}}\) and \(\sqsubseteq _{\mathcal {V}^+}\) are both compatible. (It is an immediate consequence that the open extension of \(\equiv _{\mathcal {V}^+}\) is also compatible.)
The Scottopenness condition refers to the Scott topology on \(T\mathbf 1 \).
Definition 6
We say that \(o \in \mathcal {O}\) is upwards closed if \(\llbracket o \rrbracket \) is an upperclosed subset of \(T\mathbf 1 \); i.e., if \(t \in \llbracket o \rrbracket \) implies \(t' \in \llbracket o \rrbracket \) whenever \(t \le t'\).
Definition 7
We say that \(o \in \mathcal {O}\) is Scottopen if \(\llbracket o \rrbracket \) is an open subset in the Scott topology on \(T\mathbf 1 \); i.e., \(\llbracket o \rrbracket \) is upper closed and, whenever \(t_1 \le t_2 \le \dots \) is an ascending chain in \(T\mathbf 1 \) with supremum \(\sqcup _i t_i \in \llbracket o \rrbracket \), we have \(t_n \in \llbracket o \rrbracket \) for some n.
Before formulating the property of decomposability, we make some simple observations about the positive preorder \(\sqsubseteq _{\mathcal {V}^+}\).
Lemma 8
Lemma 9
Similar characterisations, with appropriate adjustments, hold for behavioural equivalence \(\equiv _{\mathcal {V}}\).
Proposition 10
For computations \(M, N \in \textit{Com}(\mathbf {1})\), it holds that \(M \preceq N\) if and only if \(M \sqsubseteq _{\mathcal {V}^+} N\).
Proof
We now formulate the required notion of decomposability. We first give the general definition, and then follow it with a related notion of strong decomposability, which can be more convenient to establish in examples. Both definitions are unavoidably technical in nature.
For any relation \(\mathcal {R} \subseteq X \times Y\) and subset \(A \subseteq X\), we write \(\mathcal {R}^{\uparrow } A\) for the right set \(\{y \in Y \,  \, \exists x \in A, x \mathcal {R} y \}\). This allows use to easily define our required notion.
Definition 11
Corollary 22 in Sect. 5, may help to motivate the formulation of the above property, which might otherwise appear purely technical. The following stronger version of decomposability, which suffices for all examples considered in the paper, is perhaps easier to understand in its own right.
Definition 12
 1.
\(\forall i \in I, ~ r[\in \llbracket o_i' \rrbracket ]\in \llbracket o_i \rrbracket \,\); and
 2.
for every \(r' \in TT\mathbf 1 \), \((\,\forall i \in I, ~ r'[\in \llbracket o_i' \rrbracket ]\in \llbracket o_i \rrbracket \,)\) implies \(\mu r' \in \llbracket o \rrbracket \).
Proposition 13
If \(\mathcal {O}\) is a strongly decomposable then it is decomposable.
Proof
Suppose that \(r[\in A] \preceq r'[\in ({\preceq ^{\uparrow }\! A)}]\) holds for every \(A \subseteq T\mathbf 1 \). Assume that \(\mu r \in \llbracket o \rrbracket \in \mathcal {O}\). Then strong decomposability gives a collection \(\{(o_i,o_i')\}_I\). By the definition of \(\preceq \), for each \(o_i'\) we have \({\preceq ^{\uparrow }\! \llbracket o_i' \rrbracket } = \llbracket o_i' \rrbracket \). By the initial assumption, \(r[\in \llbracket o_i' \rrbracket ]\in \llbracket o_i \rrbracket \) implies \(r'[\in (\preceq ^{\uparrow } \! \llbracket o_i' \rrbracket )] \in \llbracket o_i \rrbracket \), and hence \(r'[\in \llbracket o_i' \rrbracket ] \in \llbracket o_i \rrbracket \). This holds for every i, so by strong decomposability \(\mu r' \in \llbracket o \rrbracket \). We have shown that \(\mu r \in \llbracket o \rrbracket \) implies \(\mu r' \in \llbracket o \rrbracket \). One can prove similarly that \(\mu r[\in \emptyset ] \in \llbracket o \rrbracket \) implies that \(\mu r'[\in \emptyset ] \in \llbracket o \rrbracket \) by observing that \(\preceq ^{\uparrow } \{x \,\, x[\in \emptyset ] \in \llbracket o_i'\rrbracket \} = \{x \,\, x[\in \emptyset ] \in \llbracket o_i'\rrbracket \}\). Thus it holds that \(\mu r \preceq \mu r'\) and hence \(\mathcal {O}\) is decomposable. \(\square \)
We end this section by again looking at our running examples, and showing, in each case, that the identified collection \(\mathcal {O}\) of modalities is Scottclosed (hence upwards closed) and strongly decomposable (hence decomposable). For any of the examples, upwards closure is easily established, so we will not show it here.
Example 0
(Pure functional computation). We have \(\mathcal {O} = \{{\downarrow }\}\) and \( \llbracket {\downarrow } \rrbracket = \{\, * \, \}\). Scott openness holds since if \(\sqcup _i t_i = *\) then for some i we must already have \(t_i = *\). It is strongly decomposable since: \(\mu r \in \llbracket \downarrow \rrbracket \Leftrightarrow r[\in \llbracket \downarrow \rrbracket ] \in \llbracket \downarrow \rrbracket \), which means r returns a tree t which is a leaf \(*\).
Example 1
Example 2
Example 3
(Probabilistic choice). \(\mathcal {O} = \{ \mathsf {P}_{>q} \mid q \in \mathbb {Q},\, 0 \le q < 1\}\). For the Scottopenness of \(\llbracket \mathsf {P}_{>q} \rrbracket = \{ t \mid \mathbf {P} (\,t~\text {terminates with a * leaf}\,)~>~q\}\), note that \(\mathbf {P}(\,\sqcup _i t_i~\text {terminates with a} * \mathrm{leaf}\,)\) is determined by some countable sum over the leaves of \(t_i\). If this sum is greater than a rational q, then some finite approximation of the sum must already be above q. The finite sum is over finitely many leaves from \(\sqcup _i t_i\), all of which will be present in \(t_i\) for some i. Hence \(t_i \in \llbracket \mathsf {P}_{>q} \rrbracket \).
We have strong decomposability, since \(\mathbf {P}(\,\mu r~ \text {terminates with a} * \mathrm{leaf}\,)\) equals the integral of the function \(f_r(x) = \textit{sup}\{y \in [0,1] \,  \, r[\llbracket \mathsf {P}_{>x} \rrbracket ] \in \llbracket \mathsf {P}_{>y} \rrbracket \}\) from [0, 1] to [0, 1]. Indeed, \(f_r(x)\) gives the probability that r return a tree \(t \in \llbracket \mathsf {P}_{>x} \rrbracket \). So we know that if \(\forall x,y, r[\llbracket \mathsf {P}_{>x} \rrbracket ] \in \llbracket \mathsf {P}_{>y} \rrbracket \Rightarrow r'[\llbracket \mathsf {P}_{>x} \rrbracket ] \in \llbracket \mathsf {P}_{>y} \rrbracket \), then \(f_{r'}(x) \ge f_r(x)\) for any x. Hence if \(\mu r \in \llbracket \mathsf {P}_{>q} \rrbracket \) then \(\int f_r > q\), whence also \(\int f_{r'} > q\), which means \(\mu r' \in \llbracket \mathsf {P}_{>q} \rrbracket \).
Example 4
Example 5
5 Applicative \(\mathcal {O}\)(bi)similarity
Definition 14
 1.
\(V \mathcal {R}^v_\mathbf{N } W ~ \Rightarrow ~ (V = W)\)
 2.
\(M \mathcal {R}^c_{\tau } N~ \Rightarrow ~M\) \(\mathcal {O}(\mathcal {R}^v_{\tau })\) N
 3.
\(V \mathcal {R}^v_{\rho \rightarrow \tau } W ~\Rightarrow ~\forall U \in \textit{Val}(\rho ), \; VU \; \mathcal {R}^c_{\tau } \; WU\)
Definition 15
An applicative \(\mathcal {O}\)bisimulation is a symmetric \(\mathcal {O}\)simulation. The relation of \(\mathcal {O}\)bisimilarity is the largest applicative \(\mathcal {O}\)bisimulation.
Lemma 16
Applicative \(\mathcal {O}\)bisimilarity is identical to the relation of applicative \((\mathcal {O} \cap \mathcal {O}^{\mathsf {op}})\)similarity, where \(t (\mathcal {O} \cap \mathcal {O}^{\mathsf {op}})(\mathcal {R}) r \Leftrightarrow t \mathcal {O} (\mathcal {R}) r \wedge r \mathcal {O} (\mathcal {R}^{\mathsf {op}}) t\).
Proof
Let \(\mathcal {R}\) be the \(\mathcal {O}\)bisimilarity, then by symmetry we have \(\mathcal {R}^{\mathsf {op}} = \mathcal {R}\). So if \(M \mathcal {R} N\) we have \(N \mathcal {R} M\), and by the simulation rules we derive \(M \mathcal {O} (\mathcal {R}) N\) and \(N \mathcal {O} (\mathcal {R}) M\) which is what we needed.
Let \(\mathcal {R}\) be the \(\mathcal {O} \cap \mathcal {O}^{\mathsf {op}}\)similarity. If \(M \mathcal {R}^{\mathsf {op}} N\) then \(N (\mathcal {O} \cap \mathcal {O}^{\mathsf {op}})(\mathcal {R}) M\) so \(N \mathcal {O} (\mathcal {R}) M \wedge M \mathcal {O} (\mathcal {R}^{\mathsf {op}}) N\) which results in \(M (\mathcal {O} \cap \mathcal {O}^{\mathsf {op}})(\mathcal {R}^{\mathsf {op}}) N\). Verifying the other simulation conditions as well, we can conclude that the symmetric closure \(\mathcal {R} \cup \mathcal {R}^{\mathsf {op}}\) is also a \(\mathcal {O} \cap \mathcal {O}^{\mathsf {op}}\)simulation. So \(\mathcal {R}\) must, as the largest such simulation, be symmetric. Hence \(\mathcal {R}\) is a symmetric \(\mathcal {O}\)simulation as well.
For brevity, we will leave out the word “applicative” from here on, and write o to mean its denotation \(\llbracket o \rrbracket \). We also introduce brackets, writing \(o[\phi ]\) for \(o \, \phi \). The key result now is that the maximal relation, the \(\mathcal {O}\)similarity is in most cases the same object as our logical preorder. We first give a short Lemma.
Lemma 17
For any fragment \(\mathcal {L}\) of \(\mathcal {V}\) closed under countable conjunction, it holds that for each value V there is a formula \(\chi _V \in \mathcal {L}\) s.t. \(W~\models _{\mathcal {L}} \chi _V \Leftrightarrow V \sqsubseteq _{\mathcal {L}}~W\).
Proof
For each U such that \((V \not \sqsubseteq _{\mathcal {L}} U)\), choose a formula \(\phi ^U \in \mathcal {L}\) such that \(V \models _{\mathcal {L}} \phi ^U\) and \((U \not \models ~\phi ^U)\). Then if we define \(\chi _V := \bigwedge _{\{U \mid V \not \sqsubseteq _{\mathcal {L}} U\}} \phi ^U\) it holds that \(V \not \sqsubseteq _{\mathcal {L}} U \Leftrightarrow U \not \models \chi _V\), which is what we want.
Theorem 2
(a). For any family of upwards closed modalities \(\mathcal {O}\), we have that the logical preorder \(\sqsubseteq _{\mathcal {V}^+}\) is identical to \(\mathcal {O}\)similarity.
Proof
We write \(\sqsubseteq \) instead of \(\sqsubseteq _{\mathcal {V}^+}\) to make room for other annotations. We first prove that our logical preorder \(\sqsubseteq \) is an \(\mathcal {O}\)simulation by induction on types.
 1.
Values of \(\mathbf N \). If \(\overline{n} \sqsubseteq ^v_\mathbf{N } \overline{m}\), then since \(\overline{n} \models ~\{n\}\) we have that \(\overline{m}~\models ~\{n\}\), hence \(m=n\).
 2.
Computations of \(\tau \). Assume \(M \sqsubseteq ^c_{\tau } N\), we prove that \(M \mathcal {O}(\sqsubseteq ^v_{\tau }) N\). Take \(A \subseteq \textit{Val}(\tau )\) and \(o \in \mathcal {O}\) such that \(M[\in A] \in o\). Taking the following formula \(\phi := \bigvee _{a \in A} \chi _a\) (where \(\chi _a\) as in Lemma 17), then \(b \models ~\phi \Leftrightarrow \exists a \in A, a \sqsubseteq ^v_{\tau } b\) and \(a \in A \Rightarrow a~\models \phi \). So \(M[\models ~\phi ] \ge M[\in A]\), hence since o is upwards closed, \(M[\models ~\phi ] \in o\). By \(M \sqsubseteq ^c_{\tau } N\) we have \(N[\in \{b \in \textit{Val}(\tau ) \,\, \exists a \in A, a \sqsubseteq ^v_{\tau } b\}] = N[\models ~\phi ] \in o\). Hence we can conclude that \(M \mathcal {O}(\sqsubseteq ^v_{\tau }) N\).
 3.
Function values of \(\rho \rightarrow \tau \), this follows from Lemma 8 and the Induction Hypothesis.
We can conclude that \(\sqsubseteq \) is an \(\mathcal {O}\)simulation. Now take an arbitrary \(\mathcal {O}\)simulation \(\mathcal {R}\). We prove by induction on types that \(\mathcal {R} \subseteq (\sqsubseteq )\).
 1.
Values of \(\mathbf N \). If \(V \mathcal {R}^v_\mathbf{N } W\) then \(V=W\), hence by reflexivity we get \(V \sqsubseteq ^v_\mathbf{N } W\).
 2.
Computations of \(\tau \). Assume \(M \mathcal {R}^c_{\tau } N\), we prove that \(M \sqsubseteq ^c_{\tau } N\) using the characterisation from Lemma 9. Say for \(o \in \mathcal {O}\) and \(\phi \in \textit{VF}(\tau )\) we have \(M~\models ~o[\phi ]\). Let \(A_{\phi } := \{a \in \textit{Val}(\tau ) \,\, a~\models ~\phi \} \subseteq \textit{Val}(\tau )\), then \(M[\in A_{\phi }] = M[\models ~\phi ] \in o\) hence by \(M \mathcal {R}^c_{\tau } N\) we derive \(N[\in \{b \in \textit{Val}(\tau ) \,\, \exists a \in A_{\phi }, a \mathcal {R}^v_{\tau } b \}] \in o\). By Induction Hypothesis on values of \(\tau \), we know that \(\mathcal {R}^v_{\tau } \subseteq (\sqsubseteq ^v_{\tau })\), hence ‘\(\exists a \in A_{\phi }, a \mathcal {R}^v_{\tau } b\)’ implies \(b~\models ~\phi \). We get that \(N[\models ~\phi ] \ge N[\in \{b \in \textit{Val}(\tau ) \,\, \exists a \in A_{\phi }, a \mathcal {R}^v_{\tau } b \}]\), so by upwards closure of o we have \(N[\models ~\phi ] \in o\) meaning \(N~\models ~o[\phi ]\). We conclude that \(M \sqsubseteq ^c_{\tau } N\).
 3.
Function values of \(\rho \rightarrow \tau \), assume \(V \mathcal {R}^v_{\rho \rightarrow \tau } W\). We prove \(V \sqsubseteq ^v_{\rho \rightarrow \tau } W\) using the characterisation from Lemma 8. Assume \(V~\models ~(U \mapsto \varPhi )\) where \(U \in \textit{Val}(\rho )\) and \(\varPhi \in \textit{CF}(\tau )\), so \(VU~\models ~\varPhi \). By \(V \mathcal {R}^v_{\rho \rightarrow \tau } W\) we have \(VU \; \mathcal {R}^c_{\tau } \; WU\) and by Induction Hypothesis we have \(\mathcal {R}^c_{\tau } \subseteq (\sqsubseteq ^c_{\tau })\), so \(VU \sqsubseteq ^c_{\tau } WU\). Hence \(WU~\models ~\varPhi \) meaning \(W \models ~(U \mapsto \varPhi )\). We can conclude that \(V \sqsubseteq ^v_{\rho \rightarrow \tau } W\).
 4.
Values of \(\mathbf {1}\). If \(V \mathcal {R}^v_\mathbf{{1}} W\) then \(V=*=W\) hence \(V \sqsubseteq ^v_\mathbf{{1}} W\).
In conclusion: any \(\mathcal {O}\)simulation \(\mathcal {R}\) is a subset of the \(\mathcal {O}\)simulation \(\sqsubseteq _{\mathcal {V}^+}\). So \(\sqsubseteq _{\mathcal {V}^+}\) is \(\mathcal {O}\)similarity. \(\square \)
Alternatively, we can look at the variation of our logic with negation. This is related to applicative bisimulations.
Theorem 2
(b). For any family of upwards closed modalities \(\mathcal {O}\), we have that the logical equivalence \(\equiv _{\mathcal {V}}\) is identical to \(\mathcal {O}\)bisimilarity.
Proof
Note first that \(\equiv _{\mathcal {V}}\) is symmetric.
Secondly, note that since \(\equiv _{\mathcal {V}} = \sqsubseteq _{\mathcal {V}}\) we know by Lemma 17, that for any V, there is a formula \(\chi _V\) such that \(W~\models ~\chi _V \Leftrightarrow V \equiv _{\mathcal {V}} W\).
 1.
Computations of \(\tau \). Assume \(M \equiv ^c_{\tau } N\) and \(M[\in A] \in o \in \mathcal {O}\). Then \(M~\models o[\bigvee _{V \in A} \chi _V]\) hence \(N~\models ~o[\bigvee _{V \in A} \chi _V]\) meaning \(N[\in \{W \,\, \exists V \in A, V \equiv ^c_{\tau } W\}]\). So \(M \mathcal {O}(\equiv ^v_{\tau }) N\).
 2.
Functions of \(\rho \rightarrow \tau \), if \(V \equiv ^v_{\rho \rightarrow \tau } W\) and \(U \in \textit{Val}(\rho )\). If \(VU~\models ~\varPhi \), then \(V~\models ~U \mapsto \varPhi \) hence \(W~\models ~U \mapsto \varPhi \) so \(WU~\models ~\varPhi \). Same vice versa, so \(VU \equiv ^c_{\tau } WU\).
So \(\equiv _{\mathcal {V}}\) is an \(\mathcal {O}\)bisimulation. Now take any \(\mathcal {O}\)bisimulation \(\mathcal {R}\).
 1.
Computations of \(\tau \), if \(M \mathcal {R} N\) and \(M \models ~o[\phi ]\) then \(M[\models ~\phi ] \in o\) hence \(N[\in \{W \,\, \exists V~\models ~\phi , V \mathcal {R}^v_{\tau }W\}] \in o\). By Induction Hypothesis, \((\mathcal {R}^v_{\tau }) \subseteq (\equiv ^v_{\tau })\) so \(\{W \,\, \exists V~\models ~\phi , V \mathcal {R}^v_{\tau }W\} \subseteq \{W \,\, \exists V~\models \phi , V \equiv ^v_{\tau } W\}\). So by upwards closure of o we get that \(N[\in \{W \,\, \exists V~\models ~\phi , V \equiv ^v_{\tau } W\}] \in o\) and further that \(N~\models o[\phi ]\). We can conclude \(M \equiv _{\mathcal {V}} N\).
 2.
Values of \(\rho \rightarrow \tau \), if \(V \mathcal {R} W\) and \(V~\models ~U \mapsto \varPhi \), then \(VU~\models \varPhi \) and \(VU \; \mathcal {R} \; WU\) hence by Induction Hypothesis, \(VU \equiv WU\) meaning \(WU~\models ~\varPhi \) so \(W~\models ~U \mapsto \varPhi \). If \(V~\models ~\lnot (U \mapsto \varPhi )\) then \(\lnot (VU~\models \varPhi )\) hence by \(VU \equiv WU\) we have \(\lnot (WU~\models ~\varPhi )\) so \(W \models ~\lnot (U \mapsto \varPhi )\). For the \(\bigvee \) and \(\bigwedge \) constructors, a simple Induction Step would suffice, and for higher level negation note that \(\lnot \bigvee \phi \Leftrightarrow \bigwedge \lnot \phi \) and \(\lnot \bigwedge \phi \Leftrightarrow \bigvee \lnot \phi \).
We can conclude that \((\mathcal {R}) \subseteq (\equiv _{\mathcal {V}})\), so \(\equiv _{\mathcal {V}}\) is indeed \(\mathcal {O}\)bisimilarity. \(\square \)
We end this section by stating the abstract properties of our relational lifting \(\mathcal {O}(\mathcal {R})\) required for the proof by Howe’s method in Sect. 6 to go through. The necessary properties were identified in [9]. The contribution of this paper is that all the required properties follow from our modalitybased definition of \(\mathcal {O}(\mathcal {R})\).
The first set of properties tell us that \(\mathcal {O}()\) is a relator in the sense of [12]:
Lemma 18
 1.
If \(\mathcal {R} \subseteq X \times X\) is reflexive, then so is \(\mathcal {O}(\mathcal {R})\).
 2.
\(\forall \mathcal {R}, \forall \mathcal {S}, \quad \mathcal {O}(\mathcal {R}) \mathcal {O}(\mathcal {S}) \subseteq \mathcal {O}(\mathcal {R} \mathcal {S})\), where \(\mathcal {R} \mathcal {S}\) is relation composition.
 3.
\(\forall \mathcal {R}, \forall \mathcal {S}, \quad \mathcal {R} \subseteq \mathcal {S} \Rightarrow \mathcal {O}(\mathcal {R}) \subseteq \mathcal {O}(\mathcal {S})\).
 4.
\(\forall f: X \rightarrow Z, g: Y \rightarrow W, \mathcal {R} \subseteq Z \times W, \mathcal {O}((f \times g)^{1}\mathcal {R}) = (Tf \times Tg)^{1} \mathcal {O}(\mathcal {R})\)
where \((f \times g)^{1}(\mathcal {R}) = \{(x,y) \in X \times Y \,\, f(x) \mathcal {R} g(y)\}\).
The next property together with the previous lemma establishes that \(\mathcal {O}()\) is a monotone relator in the sense of [25].
Lemma 19
The relator also interacts well with the monad structure on T.
Lemma 20
 1.
\(x \mathcal {R} y~ \Rightarrow ~\eta (x) \mathcal {O}(\mathcal {R}) \eta (y)\);
 2.
\(t \mathcal {O}(\mathcal {O}(\mathcal {R})) r~ \Rightarrow ~ \mu t \mathcal {O}(\mathcal {R}) \mu r\).
Finally, the following properties show that relator behaves well with respect to the order on trees.
Lemma 21
 1.
If \(\mathcal {R}\) is reflexive, then \(t \le r \Rightarrow t \mathcal {O}(\mathcal {R}) r\).
 2.
For any two sequences \(u_0 \le u_1 \le u_2 \le \dots \) and \(v_0 \le v_1 \le v_2 \le \dots \):
\(\forall n, (u_n \mathcal {O}(\mathcal {R}) v_n) ~ \Rightarrow ~ (\sqcup _n u_n) \mathcal {O}(\mathcal {R}) (\sqcup _n v_n)\)
The lemmas above list the core properties of the relator, which are satisfied when our family \(\mathcal {O}\) is decomposable and contains only Scott open modalities. The results below follow from those above.
Corollary 22
Corollary 23
 1.
Given \(f: X \rightarrow Z\), \(g: Y \rightarrow W\), \(\mathcal {R} \subseteq X \times Y\) and \(\mathcal {S} \subseteq Z \times W\), if for all \(x \in X\) and \(y \in Y\) we have \(x \mathcal {R} y \Rightarrow f(x) \, \mathcal {O}(\mathcal {S}) \, g(y))\) and if \(t \mathcal {O}(\mathcal {R}) r\) then \(\mu (t[x \mapsto f(x)]) \, \mathcal {O}(\mathcal {S}) \, \mu (r[y \mapsto g(y)])\)
 2.
\((\forall k, u_k \mathcal {O}(\mathcal {S}) v_k) ~ \Rightarrow ~ \sigma (u_0,u_1,\dots ) \mathcal {O}(\mathcal {S}) \sigma (v_0,v_1,\dots )\)
Point 2 of Corollary 23 has been stated in such a way that it contains both the infinite arity case \(\alpha ^\mathbf{N } \rightarrow \alpha \) and the finite arity case \(\alpha ^{n} \rightarrow \alpha \). So it states that any lifted relation is preserved under any of the predefined algebraic effects.
6 Howe’s Method
In this section, we apply Howe’s method, first developed in [5, 6], to establish the compatibility of applicative (bi)similarity, and hence of the behavioural preorders. Given a relation \(\mathcal {R}\) on terms, one defines its Howe closure \(\mathcal {R}^{\bullet }\), which is compatible and contains the open extension \(\mathcal {R}^{\circ }\). Our proof makes fundamental use of the relator properties from Sect. 5, closely following the approach of [9].
Proposition 24
If \(\mathcal {O}\) is a decomposable set of Scott open modalities, then for any \(\mathcal {O}\)simulation preorder \(\sqsubseteq \), the restriction of its Howe closure \(\sqsubseteq ^{\bullet }\) to closed terms is an \(\mathcal {O}\)simulation.
In the proof of the proposition, the relator properties are mainly used to show that \(\sqsubseteq ^{\bullet }\) satisfies condition (2) in Definition 14.
We can now establish the compatibility of applicative \(\mathcal {O}\)similarity.
Theorem 3
(a). If \(\mathcal {O}\) is a decomposable set of Scott open modalities, then the open extension of the relation of \(\mathcal {O}\)similarity is compatible.
Proof
(sketch). We write \(\sqsubseteq _{s}\) for the relation of \(\mathcal {O}\)similarity. Since \(\sqsubseteq _{s}\) is an \(\mathcal {O}\)simulation, we know by Proposition 24 that \(\sqsubseteq _{s}^{\bullet }\) limited to closed terms is one as well, and hence is contained in the largest \(\mathcal {O}\)simulation \(\sqsubseteq _{s}\). Since \(\sqsubseteq _{s}^{\bullet }\) is compatible, it is contained in the open extension \(\sqsubseteq _{s}^{\circ }\). We can conclude that \(\sqsubseteq _{s}^{\circ }\) is equal to the Howe closure \(\sqsubseteq _{s}^{\bullet }\), which is compatible. \(\square \)
To prove that \(\mathcal {O}\)bisimilarity is compatible, we use the following result from [10] (where we write \(\mathcal {S}^{*}\) for the transitivereflexive closure of a relation \(\mathcal {S}\)).
Lemma 25
If \(\mathcal {R}^{\circ }\) is symmetric and reflexive, then \(\mathcal {R}^{\bullet *}\) is symmetric.
Theorem 3
(b). If \(\mathcal {O}\) is a decomposable set of Scott open modalities, then the open extension of the relation of \(\mathcal {O}\)bisimilarity is compatible.
Proof
(sketch). We write \(\mathcal {O}\)bisimilarity as \(\sqsubseteq _{b}\). From Proposition 24 we know that \(\sqsubseteq _{b}^{\bullet }\) on closed terms is an \(\mathcal {O}\)simulation, and so we know \(\sqsubseteq _{b}^{\bullet *}\) is an \(\mathcal {O}\)simulation as well (using Lemma 18). Since \(\sqsubseteq _{b}\) is reflexive and symmetric, we know by the previous lemma that \(\sqsubseteq _{b}^{\bullet *}\) is symmetric. Hence \(\sqsubseteq _{b}^{\bullet *}\) is an \(\mathcal {O}\)bisimulation, implying \((\sqsubseteq _{b}^{\bullet *}) \subseteq (\sqsubseteq _{b}^{\circ })\) by compatibility of \(\sqsubseteq _{b}^{\bullet *}\). Since \((\sqsubseteq _{b}^{\circ }) \subseteq (\sqsubseteq _{b}^{\bullet }) \subseteq (\sqsubseteq _{b}^{\bullet *})\) we have that \((\sqsubseteq _{b}^{\bullet *}) = (\sqsubseteq _{b}^{\circ })\), and we can conclude that \(\sqsubseteq _{b}^{\circ }\) is compatible. \(\square \)
7 Pure Behavioural Logic
In this section, we briefly explore an alternative formulation of our logic. This has both conceptual and practical motivations. Our very approach to behavioural logic, fits into the category of endogenous logics in the sense of Pnueli [24]. Formulas (\(\phi \) and \(\varPhi \)) express properties of individual programs, through satisfaction relations (\(V~\models ~\phi \) and \(M \models ~\varPhi \)). Programs are thus considered as ‘models’ of the logic, with the satisfaction relation being defined via program behaviour.
It is conceptually appealing to push the separation between program and logic to its natural conclusion, and ask for the syntax of the logic to be independent of the syntax of the programming language. Indeed, it seems natural that it should be possible to express properties of program behaviour without knowledge of the syntax of the programming language. Under our formulation of the logic \(\mathcal {V}\), this desideratum is violated by the value formula \((V \mapsto \varPsi )\) at function type, which mentions the programming language value V.
This issue can be addressed, by replacing the basic value formula \((V \mapsto \varPsi )\) with the alternative \((\phi \mapsto \varPsi )\), already mentioned in Sect. 3. Such a change also has a practical motivation. The formula \((\phi \mapsto \varPsi )\) declares a precondition and postcondition for function application, supporting a useful specification style.
Definition 26
Proposition 27
If the open extension of \(\equiv _\mathcal {V}\) is compatible then the logics \(\mathcal {V}\) and \(\mathcal {F}\) are equiexpressive. Similarly, if the open extension of \(\sqsubseteq _{\mathcal {V}^+}\) is compatible then the positive fragments \(\mathcal {V}^+\) and \(\mathcal {F}^+\) are equiexpressive.
Proof
The definition of \((\phi \mapsto \varPsi )\) within \(\mathcal {V}\), given in (1) of Sect. 3, can be used as the basis of an inductive translation from \(\mathcal {F}\) to \(\mathcal {V}\) (and from \(\mathcal {F}^+\) to \(\mathcal {V}^+\)).
Combining the above proposition with Theorem 1 we obtain the following.
Corollary 28
Suppose \(\mathcal {O}\) is a decomposable family of Scottopen modalities. Then \(\equiv _{\mathcal {F}}\) coincides with \(\equiv _{\mathcal {V}}\), and \(\sqsubseteq _{\mathcal {F}^+}\) coincides with \(\sqsubseteq _{\mathcal {V}^+}\). Hence the open extensions of \(\equiv _{\mathcal {F}}\) and \(\sqsubseteq _{\mathcal {F}^+}\) are compatible.
We do not know any proof of the compatibility of the \(\equiv _{\mathcal {F}}\) and \(\sqsubseteq _{\mathcal {F}^+}\) relations that does not go via the logic \(\mathcal {V}\). In particular, the compatibility property of the \(\mathbf{fix }\) operator seems difficult to establish directly for \(\equiv _{\mathcal {F}}\) and \(\sqsubseteq _{\mathcal {F}^+}\).
8 Discussion and Related Work
The behavioural logics considered in this paper are designed for the purpose of clarifying the notion of ‘behavioural property’, and for defining behavioural equivalence. As infinitary propositional logics, they are not directly suited to practical applications such as specification and verification. Nevertheless, they serve as lowlevel logics into which more practical finitary logics can be translated. For this, the closure of the logics under infinitary propositional logic is important. For example, there are standard translations of quantifiers and least and greatest fixed points into infinitary propositional logic. Also, in the case of global store, Hoare triples translate into logical combinations of modal formulas.
Our approach, of basing logics for effects on behavioural modalities, may potentially inform the design of practical logics for specifying and reasoning about effects. For example, Pitts’ evaluation logic was an early logic for general computational effects [18]. In the light of the general theory of modalities in the present paper, it seems natural to replace the builtin \(\Box \) and \(\Diamond \) modalities of evaluation logic, with effectspecific modalities, as in Sect. 3.
The logic for algebraic effects, of Plotkin and Pretnar [23], axiomatises effectful behaviour by means of an equational theory over the signature of effect operations, following the algebraic approach to effects advocated by Plotkin and Power [22]. Such equational axiomatisations are typically sound with respect to more than one notion of program equivalence. The logic of [23] can thus be used to soundly reason about program equivalence, but does not in itself determine a notion of program equivalence. Instead, our logic is specifically designed as a vehicle for defining program equivalence. In doing so, our modalities can be viewed as a chosen family of ‘observations’ that are compatible with the effects present in the language. It is the choice of modalities that determines the equational properties that the effect operations satisfy.
The logic of [23] itself makes use of modalities, called operation modalities, each associated with a single effect operations in \(\varSigma \). It would be natural to replace these modalities, which are syntactic in nature, with behavioural modalities of the form we consider. Similarly, our behavioural modalities appear to offer a promising basis for developing a modalitybased refinementtype system for algebraic effects. In general, an important advantage we see in the use of behavioural modalities is that our notion of strong decomposability appears related to the availability of compositional proof principles for modal properties. This is a promising avenue for future exploration.
A rather different approach to logics for effects has been proposed by Goncharov, Mossakowski and Schröder [3, 16]. They assume a semantic setting in which the programming language is rich enough to contain a pure fragment that itself acts as a program logic. This approach is very powerful for certain effects. For example, Hoare logic can be derived in the case of global store. However, it appears not as widely adaptable across the range of effects as our approach.
Our logics exhibit certain similarities in form with the endogenous logic developed in Abramsky’s domain theory in logical form [2]. Our motivation and approach are, however, quite different. Whereas Abramsky shows the usefulness of an axiomatic approach to a finitary logic as a way of characterising denotational equality, the present paper shows that there is a similar utility in considering an infinitary logic from a semantic perspective (based on operational semantics) as a method of defining behavioural equivalence.
The work in this paper has been carried out for finegrained callbyvalue [13], which is equivalent to callbyvalue. The definitions can, however, be adapted to work for callbyname, and even callbypushvalue [11]. Adding type constructors such as sum and product is also straightforward. We have not checked the generalisation to arbitrary recursive types, but we do not foresee any problem.
An omission from the present paper is that we have not said anything about contextual equivalence, which is often taken to be the default equivalence for applicative languages. In addition to determining the logically defined preorders/equivalences, the choice of the set \(\mathcal {O}\) of modalities gives rise to a natural definition of contextual preorder, namely the largest compatible preorder that, on computations of unit type \(\mathbf {1}\), is contained in the \(\preceq \) relation from Sect. 4. The compatibility of \(\sqsubseteq _{\mathcal {V}^+}\) established in the present paper means that we have the expected relation inclusions \({\equiv _\mathcal {V}}\, \subseteq \, {\sqsubseteq _{\mathcal {V}^+}} \,\subseteq \,{\sqsubseteq _\text {ctxt}}\). It is an interesting question whether the logic can be restricted to characterise contextual equivalence/preorder. A more comprehensive investigation of contextual equivalence is being undertaken, in ongoing work, by Aliame Lopez and the first author.
The crucial notion of modality, in the present paper, was adapted from the notion of observation in [8]. The change from a set of trees of type \(\mathbf N \) (an observation) to a set of unittype trees (a modality) allows value formulas to be lifted to computation formulas, analogously to predicate lifting in coalgebra [7], which is a key characteristic of our modalities. Properties of Scottopenness and decomposability play a similar role the present paper to the role they play in [8]. However, the notion of decomposability for modalities (Definition 11) is more subtle than the corresponding notion for observations in [8].
There are certain limitations to the theory of modalities in the present paper. For example, for the combination of probability and nondeterminism, one might naturally consider modalities \(\Diamond \mathsf {P}_r\) and \(\Box \mathsf {P}_r\) asserting the possibility and necessity of the termination probability exceeding r. However, the decomposability property fails. It appears that this situation can be rescued by changing to a quantitative logic, with a corresponding notion of quantitative modality. This is a topic of ongoing research.
Footnotes
 1.
We call such formulas basic rather than atomic because they include formulas such as \((V \mapsto \varPhi )\), discussed below, which are built from other formulas.
Notes
Acknowledgements
We thank Francesco Gavazzo, Aliaume Lopez and the anonymous referees for helpful discussions and comments.
References
 1.Abramsky, S.: The lazy \(\lambda \)calculus. In: Research Topics in Functional Programming, pp. 65–117 (1990)Google Scholar
 2.Abramsky, S.: Domain theory in logical form. Ann. Pure Appl. Log. 51(1–2), 1–77 (1991)MathSciNetCrossRefGoogle Scholar
 3.Goncharov, S., Schröder, L.: A relatively complete generic Hoare logic for orderenriched effects. In: Proceedings of the 28th Annual Symposium on Logic in Computer Science (LICS 2013), pp. 273–282. IEEE (2013)Google Scholar
 4.Hennessy, M., Milner, R.: Algebraic laws for nondeterminism and concurrency. J. ACM (JACM) 32(1), 137–161 (1985)MathSciNetCrossRefGoogle Scholar
 5.Howe, D.J.: Equality in lazy computation systems. In: Proceedings of the 4th IEEE Symposium on Logic in Computer Science, pp. 198–203 (1989)Google Scholar
 6.Howe, D.J.: Proving congruence of bisimulation in functional programming languages. Inf. Comput. 124(2), 103–112 (1996)MathSciNetCrossRefGoogle Scholar
 7.Jacobs, B.: Introduction to Coalgebra: Towards Mathematics of States and Observation. Cambridge University Press, Cambridge (2016)zbMATHGoogle Scholar
 8.Johann, P., Simpson, A., Voigtländer, J.: A generic operational metatheory for algebraic effects. In: Logic in Computer Science, pp. 209–218 (2010)Google Scholar
 9.Ugo, D.L., Gavazzo, F., Levy, P.B.: Effectful applicative bisimilarity: Monads, relators, and the Howe’s method. In: Logic in Computer Science, pp. 1–12 (2017)Google Scholar
 10.Lassen, S.B.: Relational Reasoning about Functions and Nondeterminism. Ph.D. thesis, BRICS (1998)Google Scholar
 11.Levy, P.B.: Callbypushvalue: decomposing callbyvalue and callbyname. HigherOrder Symbol. Comput. 19(4), 377–414 (2006)CrossRefGoogle Scholar
 12.Levy, P.B.: Similarity quotients as final coalgebras. In: Hofmann, M. (ed.) FoSSaCS 2011. LNCS, vol. 6604, pp. 27–41. Springer, Heidelberg (2011). https://doi.org/10.1007/9783642198052_3CrossRefGoogle Scholar
 13.Levy, P.B., Power, J., Thielecke, H.: Modelling environments in callbyvalue programming languages. Inf. Comput. 185(2), 182–210 (2003)MathSciNetCrossRefGoogle Scholar
 14.Milner, R.: A Calculus of Communicating Systems. Springer, Heidelberg (1982). https://doi.org/10.1007/3540102353CrossRefzbMATHGoogle Scholar
 15.Moggi, E.: Notions of computation and monads. Inf. Comput. 93(1), 55–92 (1991)MathSciNetCrossRefGoogle Scholar
 16.Mossakowski, T., Schröder, L., Goncharov, S.: A generic complete dynamic logic for reasoning about purity and effects. Formal Aspects Comput. 22(3–4), 363–384 (2010)CrossRefGoogle Scholar
 17.Park, D.: Concurrency and automata on infinite sequences. In: Deussen, P. (ed.) GITCS 1981. LNCS, vol. 104, pp. 167–183. Springer, Heidelberg (1981). https://doi.org/10.1007/BFb0017309CrossRefGoogle Scholar
 18.Pitts, A.: Evaluation logic. In: Birtwistle, G. (ed.) 4th Higher Order Workshop. Workshops in Computing, pp. 162–189. Springer, London (1990). https://doi.org/10.1007/9781447131823_11CrossRefGoogle Scholar
 19.Pitts, A.: Parametric polymorphism and operational equivalence. Math. Struct. Comput. Sci. 10, 321–359 (2000)MathSciNetCrossRefGoogle Scholar
 20.Plotkin, G.: LCF considered as a programming language. Theor. Comput. Sci. 5(3), 223–255 (1977)MathSciNetCrossRefGoogle Scholar
 21.Plotkin, G., Power, J.: Adequacy for algebraic effects. In: Honsell, F., Miculan, M. (eds.) FoSSaCS 2001. LNCS, vol. 2030, pp. 1–24. Springer, Heidelberg (2001). https://doi.org/10.1007/3540453156_1CrossRefGoogle Scholar
 22.Plotkin, G., Power, J.: Notions of computation determine monads. In: Nielsen, M., Engberg, U. (eds.) FoSSaCS 2002. LNCS, vol. 2303, pp. 342–356. Springer, Heidelberg (2002). https://doi.org/10.1007/3540459316_24CrossRefzbMATHGoogle Scholar
 23.Plotkin, G., Pretnar, M.: A logic for algebraic effects. In: Proceedings of the Logic in Computer Science, pp. 118–129 (2008)Google Scholar
 24.Pnueli, A.: The temporal logic of programs. In: Proceedings of the 18th Annual Symposium on the Foundations of Computer Science, pp. 46–57 (1977)Google Scholar
 25.Thijs, A.M.: Simulation and fixpoint semantics. Ph.D. thesis (1996)Google Scholar
Copyright information
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the book's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.