1 Introduction

A monad is a categorical concept that is surprisingly useful in the theory of computation. On the one hand it describes a form of computation (such as partial, non-deterministic, or probabilistic), and on the other hand it captures various algebraic structures. Technically, the computations are maps in the Kleisli category of the monad, whereas the algebraic structures are described via the category of so-called Eilenberg-Moore algebras. The Kleisli approach has become common in program semantics and functional programming (notably in the language Haskell), starting with the seminal paper [23]. The algebraic structure captured by the monad exists on these programs (as Kleisli maps), technically because the Kleisli category is enriched over the category of algebras.

Interestingly, the range of examples of monads has been extended recently from computation to program logic. So-called Hoare monads [24, 29] and Dijkstra monads [28] have been defined in a systematic approach to program verification. Via these monads one describes not only a program but also the associated correctness assertions. These monads have been introduced in the language of a theorem prover, but have not been investigated systematically from a categorical perspective. Here we do so for the Dijkstra monad. We generalise the original definition from [28] and show that a “Dijkstra” monad can be associated with various well-known monads that are used for modelling computations. (The Hoare monad will be mentioned briefly towards the end.)

Since the Dijkstra (and Hoare) monads combine both semantics and logic of programs, we need to look at these two areas in a unified manner. From previous work [13] (see also [12]) a view on program semantics and logic emerged involving a triangle of the form:

(1)

The three nodes in this diagram represent categories, of which only the morphisms are described. The arrows between these nodes are functors, where the two arrows \(\rightleftarrows \) at the top form an adjunction. The two triangles involved should commute. In case the two up-going “predicate” and “state” functors in (1) are full and faithful, we have three equivalent ways of describing computations. On morphisms, the predicate functor yields what is called substitution in categorical logic, but what amounts to a weakest precondition operation in program semantics.

The upper category on the left is of the form \({\mathbf {Log}}^{\mathrm{op }}\), where \({\mathbf {Log}}\) is some category of logical structures. The opposite category \((-)^{\mathrm{op }}\) is needed because predicate transformers operate in the reverse direction, taking a post-condition to a precondition. In this paper we do not expand on the precise logical structure involved (which connectives, which quantifiers, etc. in \({\mathbf {Log}}\)) and simply claim that this ‘indexed category’ on the left is a model of some predicate logic. The reason is that at this stage we don’t need more structure than ‘substitution’, which is provided by the functoriality of the predicate functor.

In a setting of quantum computation this translation back-and-forth \(\rightleftarrows \) in (1) is associated with the different approaches of Heisenberg (logic-based, working backwards) and Schrödinger (state-based, working forwards), see e.g. [9]. In certain cases the adjunction \(\rightleftarrows \) forms — or may be restricted to — an equivalence of categories, yielding a duality situation. It shows the importance of duality theory in program semantics and logic; this topic has a long history, going back to [1].

Almost all of our examples of computations are given by maps in a Kleisli category of a monad. In this monadic setting, the right-hand-side of the diagram (1) is the full and faithful “comparison” functor \(\mathcal {K}{}\ell (T) \rightarrow \mathcal {E}{}\mathcal {M}(T)\), for the monad \(T\) at hand. This functor embeds the Kleisli category in the category of (Eilenberg-Moore) algebras. The left-hand-side takes the form \(\mathcal {K}{}\ell (T) \rightarrow {\mathbf {Log}}^{\mathrm{op }}\), and forms an indexed category (or, if you like, a fibration), and thus a categorical model of predicate logic. The monad \(T\) captures computations as maps in its Kleisli category. And via the predicate logic in (1) an associated monad is defined (in Sect. 5) that captures predicate transformers. Therefore, this new monad is called a “Dijkstra” monad, following [28].

We list the main points of this paper.

  1.

    The paper explains the unified view on program semantics and logic as given by the above triangle (1) by presenting many examples, involving non-deterministic, partial, linear, probabilistic, and also quantum computation. This involves some new results, like the adjunction for partial computation in (5) in the next section.

  2.

    Additionally, in many of these examples the enriched nature of these categories and functors is shown, capturing some essential compositional aspects of the weakest precondition operation. The role of these enrichments resembles the algebraic effects, see e.g. [25]; it goes beyond the topic of the current paper, but definitely deserves further investigation.

  3.

    A necessary step towards understanding the Dijkstra monad is made, by simplifying previous accounts [28] and casting them in proper categorical language.

  4.

    Using this combined view on computations and logic, for the different monad examples \(T\) in this paper, an associated “Dijkstra monad” \(\mathfrak {D}_T\) is defined. This definition depends on the logic \({\mathbf {Log}}\) that is used to reason about \(T\), since the monad is defined via a homset in this category \({\mathbf {Log}}\). This logic-based approach goes well beyond the particular logic that is used in the original article [28], where the Dijkstra monad is introduced, since it now also applies to for instance probabilistic computation, in various forms.

  5.

    Once we have the Dijkstra monad \(\mathfrak {D}_T\) associated with \(T\) we define a “map of monads” \(\mathfrak {S}_{T} \Rightarrow \mathfrak {D}_T\), where \(\mathfrak {S}_T\) is the \(T\)-state monad, obtained by applying the state monad transformer to \(T\). This map of monads is precisely the weakest precondition operation (categorically: substitution). This operation that is fundamental in the work of Dijkstra is thus captured neatly in categorical/monadic terms.

  6.

    Finally, a general construction is presented that defines the Dijkstra monad \(\mathfrak {D}_T\) for an arbitrary monad \(T\) on \({\mathbf {Sets}} \). A deeper understanding of the construction requires a systematic account of how the categories “\({\mathbf {Log}}\)” in (1) arise in general. This is still beyond current levels of understanding.

We assume that the reader is familiar with the basic concepts of category theory, especially with the theory of monads. The organisation of the paper is as follows: Sects. 2–4 elaborate instances of the triangle (1) for non-deterministic, linear & probabilistic, and quantum computation. Subsequently, Sect. 5 shows how to obtain the Dijkstra monads for the different (concrete) monad examples, and proves that weakest precondition computation forms a map of monads. These examples are generalised in Sect. 6. Finally, Sect. 7 wraps up with some concluding remarks.

2 Non-deterministic and Partial Computation

The powerset operation \(\mathcal {P}(X) = {\{}U\;|\;U\subseteq X{\}}\) yields a monad \(\mathcal {P}:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \) with unit \(\eta = \{-\}\) given by singletons and multiplication \(\mu = \bigcup \) by union. The associated Kleisli category \(\mathcal {K}{}\ell (\mathcal {P})\) is the category of sets and non-deterministic functions \(X\rightarrow \mathcal {P}(Y)\), which may be identified with relations \(R\subseteq X\times Y\). The category \(\mathcal {E}{}\mathcal {M}(\mathcal {P})\) of (Eilenberg-Moore) algebras is the category \({\mathbf {CL}} _{\bigvee }\) of complete lattices and join-preserving functions. In this situation diagram (1) takes the form:
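As a concrete illustration (ours, not part of the paper), the unit, multiplication, and Kleisli composition of the powerset monad can be sketched in Python with `frozenset`s; the helper names are our own:

```python
def unit(x):
    # eta(x) = {x}: the singleton map
    return frozenset({x})

def mult(family):
    # mu = union: flatten a family of subsets into one subset
    return frozenset().union(*family)

def kleisli(g, f):
    # Kleisli composition: x |-> union of g(y) for all y in f(x)
    return lambda x: mult(g(y) for y in f(x))
```

For instance, composing \(f(x) = \{x, x+1\}\) with \(g(y) = \{2y\}\) yields the non-deterministic map \(x \mapsto \{2x, 2x+2\}\).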

(2)

where \({\mathbf {CL}} _{\bigwedge }\) is the category of complete lattices and meet-preserving maps. The isomorphism \(\cong \) arises because each join-preserving map between complete lattices corresponds to a meet-preserving map in the other direction. The upgoing “state” functor on the right is the standard full and faithful functor from the Kleisli category of a monad to its category of algebras. The predicate functor on the left sends a set \(X\) to the powerset \(\mathcal {P}(X)\) of predicates/subsets, as complete lattices; a Kleisli map \(f:X \rightarrow \mathcal {P}(Y)\) yields a map:

$$\begin{aligned} \mathcal {P}(Y) \longrightarrow \mathcal {P}(X) \qquad \text{ given } \text{ by } \qquad Q \longmapsto {\{}x\in X\;|\;f(x) \subseteq Q{\}}. \end{aligned}$$
(3)

In categorical logic, this map is often written as \(f^{*}\) and called a substitution functor. In modal logic one may write it as \(\square _{f}\). In the current context it forms the weakest precondition operation for \(f\), see [4]. Clearly, it preserves arbitrary meets (intersections). It is not hard to see that the triangle (2) commutes.
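Concretely, for the powerset monad this substitution sends a postcondition \(Q\subseteq Y\) to \({\{}x\;|\;f(x)\subseteq Q{\}}\). A minimal Python sketch (our own, with a made-up Kleisli map):

```python
def wp(f, xs):
    # substitution / weakest precondition f^*: P(Y) -> P(X)
    # f^*(Q) = { x in xs | f(x) is a subset of Q }
    return lambda q: frozenset(x for x in xs if f(x) <= q)

xs = frozenset({0, 1, 2})
f = lambda x: frozenset({x, x + 1})   # a nondeterministic program, as example
fstar = wp(f, xs)
```

One can check that `fstar` preserves intersections of postconditions, as required of a map in \({\mathbf {CL}} _{\bigwedge }\).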

Interestingly, the diagram (2) involves additional structure on homsets. If we have a collection of parallel maps \(f_{i}\) in \(\mathcal {K}{}\ell (\mathcal {P})\), we can take their (pointwise) join \(\bigvee \nolimits _{i\in I}f_{i}\). Pre- and post-composition preserve such joins. This means that the Kleisli category \(\mathcal {K}{}\ell (\mathcal {P})\) is enriched over the category \({\mathbf {CL}} _{\bigvee }\). The category \({\mathbf {CL}} _{\bigvee }\) is monoidal closed, and thus enriched over itself. Also the category \(({\mathbf {CL}} _{\bigwedge })^{\mathrm{op }}\) is enriched over \({\mathbf {CL}} _{\bigvee }\), with joins given by pointwise intersections. Further, the functors in (2) are enriched over \({\mathbf {CL}} _{\bigvee }\), which means that they preserve these joins on homsets. In short, the triangle is a diagram in the category of categories enriched over \({\mathbf {CL}} _{\bigvee }\). In particular, the predicate functor is enriched, which amounts to the familiar law for non-deterministic choice in weakest precondition reasoning: \(\big (\bigvee \nolimits _{i}f_{i}\big )^{*}(Q) = \bigcap \nolimits _{i}f_{i}^{*}(Q)\).
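This law — the weakest precondition of a pointwise union of nondeterministic programs is the intersection of the individual preconditions — can be checked on a small example (a Python sketch of ours, with illustrative maps):

```python
def wp(f, xs):
    # f^*(Q) = { x | f(x) subset of Q }
    return lambda q: frozenset(x for x in xs if f(x) <= q)

def join(fs):
    # pointwise join of Kleisli maps: (join fs)(x) = union of the f(x)
    return lambda x: frozenset().union(*(f(x) for f in fs))

xs = frozenset(range(3))
f1 = lambda x: frozenset({x})
f2 = lambda x: frozenset({x + 1})
```
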

A less standard monad for non-determinism is the ultrafilter monad \(\mathcal {U}:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \). A convenient way to describe it, at least in the current setting, is:

$$\mathcal {U}(X) = {\mathbf {BA}} \big (\mathcal {P}(X), 2\big ) = {\{}f:\mathcal {P}(X)\rightarrow 2\;|\;f \text{ is } \text{ a } \text{ map } \text{ of } \text{ Boolean } \text{ algebras }{\}}. $$

For a finite set \(X\) one has \(\mathcal {U}(X) \cong X\), since every ultrafilter on a finite set is principal.

A famous result of [19] says that the category of algebras of \(\mathcal {U}\) is the category \({\mathbf {CH}} \) of compact Hausdorff spaces (and continuous functions). It yields the following triangle.

(4)

The predicate functor sends a set \(X\) to the Boolean algebra \(\mathcal {P}(X)\) of subsets of \(X\). For a map \(f:X \rightarrow \mathcal {U}(Y)\) we get \(f^{*}:\mathcal {P}(Y) \rightarrow \mathcal {P}(X)\) by \(f^{*}(Q) = {\{}x\;|\;f(x)(Q) = 1{\}}\). This functor is full and faithful, almost by construction.

The precise enrichment in this case is unclear. Enrichment over (compact Hausdorff) spaces, if present, is not so interesting because it does not provide algebraic structure on computations.

We briefly look at the lift (or “maybe”) monad \(\mathcal {L}:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \), given by \(\mathcal {L}(X) = 1 + X\). Its Kleisli category \(\mathcal {K}{}\ell (\mathcal {L})\) is the category of sets and partial functions. Its category of algebras \(\mathcal {E}{}\mathcal {M}(\mathcal {L})\) is (isomorphic to) the category \({\mathbf {Sets}} _\bullet \) of pointed sets \((X,\bullet _{X})\), where \(\bullet _{X}\in X\) is a distinguished element; morphisms in \({\mathbf {Sets}} _\bullet \) are “strict”, in the sense that they preserve such points. There is then a situation:

(5)

We call a complete lattice atomic if (1) each element is the join of the atoms below it, and (2) binary meets \(\wedge \) distribute over arbitrary joins \(\bigvee \). Recall that an atom \(a\) is a non-bottom element satisfying \(x<a \Rightarrow x=\bot \). We write \({ At}(L)\subseteq L\) for the subset of atoms. In such an atomic lattice atoms \(a\) are completely join-irreducible: for a non-empty index set \(I\), if \(a \le \bigvee \nolimits _{i\in I}x_{i}\) then \(a\le x_{i}\) for some \(i\in I\).

The category \({\mathbf {ACL}} _{\bigvee \nolimits _{\bullet },\wedge }\) contains atomic complete lattices, with maps preserving non-empty joins (written as \(\bigvee \nolimits _{\bullet }\)) and binary meets \(\wedge \). Each Kleisli map \(f:X \rightarrow \mathcal {L}(Y) = \{\bot \}\cup Y\) yields a substitution map \(f^{*} :\mathcal {P}(Y) \rightarrow \mathcal {P}(X)\) by \(f^{*}(Q) = {\{}x\;|\;\forall {y}.\,f(x) = y \Rightarrow Q(y){\}}\). This \(f^{*}\) preserves \(\wedge \) and non-empty joins \(\bigvee \nolimits _\bullet \). Notice that \(f^{*}(\emptyset ) = {\{}x\;|\;f(x)=\bot {\}}\), which need not be empty.
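For the lift monad this substitution can be sketched in Python, with `None` playing the role of \(\bot \) (an encoding choice of ours):

```python
BOT = None  # stands for the extra point in L(X) = 1 + X

def wp(f, xs):
    # f^*(Q) = { x | f(x) defined implies f(x) in Q }
    return lambda q: frozenset(x for x in xs if f(x) is BOT or f(x) in q)

xs = frozenset({0, 1, 2})
f = lambda x: x + 1 if x < 2 else BOT   # a partial function, undefined at 2
fstar = wp(f, xs)
```

In particular `fstar(frozenset())` is exactly the set where \(f\) is undefined, matching the remark that \(f^{*}(\emptyset )\) need not be empty.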

The adjunction \(({\mathbf {ACL}} _{\bigvee \nolimits _{\bullet },\wedge })^{\mathrm{op }} \rightleftarrows {\mathbf {Sets}} _{\bullet }\) amounts to a bijective correspondence:

This correspondence works as follows. Given \(f:L \rightarrow \mathcal {P}(X-\bullet )\), notice that \(f(\top ) = f\big (\bigvee { At}(L)\big ) = \bigcup \nolimits _{a\in { At}(L)}f(a)\). Hence for each \(x\in X\) there is an atom \(a\) with \(x\in f(a)\). We define \(\overline{f} :X \rightarrow { At}(L)\cup \{\bot \}\) as:

$$\overline{f}(x) = \left\{ \begin{array}{ll} a &{} \text{ if } x \in f(a) - f(\bot ) \\ \bot &{}\text{ otherwise. } \end{array}\right. $$

This is well-defined: if \(x\) is both in \(f(a)-f(\bot )\) and in \(f(a')-f(\bot )\), for \(a\ne a'\), then \(x\in (f(a)\cap f(a'))-f(\bot ) = f(a\wedge a') - f(\bot ) = f(\bot )-f(\bot ) = \emptyset \).

In the other direction, given a strict map \(g :X \rightarrow { At}(L)\cup \{\bot \}\), define for \(y\in L\) the subset \(\overline{g}(y) = {\{}x\in X\;|\;\bot \ne g(x) \le y{\}}\).

It is not hard to see that this yields a commuting triangle (5), and that the (upgoing) functors are full and faithful.

3 Linear and (sub)Convex Computation

We sketch two important sources for linear and (sub)convex structures.

  1. 1.

If \(A\) is a matrix, say over the real numbers \(\mathbb {R}\), then the set of solution vectors \(v\) of the associated homogeneous equation \(Av = 0\) forms a linear space: it is closed under finite additions and scalar multiplication. For a fixed vector \(b\ne 0\), the solutions \(v\) of the non-homogeneous equation \(Av = b\) form a convex set: it is closed under convex combinations \(\sum \nolimits _{i}r_{i}v_{i}\) of solutions \(v_{i}\) and “probability” scalars \(r_{i}\in [0,1]\) with \(\sum \nolimits _{i}r_{i} = 1\). Finally, for \(b\ge 0\), the solutions \(v\) to the inequality \(Av \le b\) are closed under subconvex combinations \(\sum \nolimits _{i}r_{i}v_{i}\) with \(\sum \nolimits _{i}r_{i} \le 1\). These examples typically occur in linear programming.

  2. 2.

    If \(V\) is a vector space of some sort, we can consider the space of linear functions \(f:V \rightarrow \mathbb {R}\) to the real (or complex) numbers. This space is linear again, via pointwise definitions. Now if \(V\) contains a unit \(1\), we can impose an additional requirement that such functions \(f:V \rightarrow \mathbb {R}\) are ‘unital’, i.e. satisfy \(f(1)=1\). This yields a convex set of functions, where \(\sum \nolimits _{i}r_{i}f_{i}\) again preserves the unit, if \(\sum \nolimits _{i}r_{i} = 1\). If we require only \(0 \le f(1) \le 1\), making \(f\) ‘subunital’, we get a subconvex set. These requirements typically occur in a setting of probability measures.

Taking (formal) linear and (sub)convex combinations over a set yields the structure of a monad. We start by recalling the definitions of these (three) monads, namely the multiset monad \(\mathcal {M}_{R}\), the distribution monad \(\mathcal {D}\), and the subdistribution monad \(\mathcal {D}_{\le 1}\), see [12] for more details. A semiring is given by a set \(R\) which carries a commutative monoid structure \((+,0)\), and also another monoid structure \((\cdot , 1)\) which distributes over \((+,0)\). As is well-known [11], each such semiring \(R\) gives rise to a multiset monad \(\mathcal {M}_{R} :{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \), where:

$$\mathcal {M}_{R}(X) = {\{}\varphi :X\rightarrow R\;|\;{ supp}(\varphi ) \text{ is } \text{ finite }{\}}, $$

where \({ supp}(\varphi ) = {\{}x\in X\;|\;\varphi (x)\ne 0{\}}\) is the support of \(\varphi \). Such \(\varphi \in \mathcal {M}_{R}(X)\) may also be written as a finite formal sum \(\varphi = \sum \nolimits _{i}s_{i}|{}x_i{}\rangle \), where \(x_{i}\in { supp}(\varphi )\) and \(s_{i} = \varphi (x_{i}) \in R\) is the multiplicity of \(x_{i}\in X\). The “ket” notation \(|{}x{}\rangle \) for \(x\in X\) is just syntactic sugar. The unit of the monad is given by \(\eta (x) = 1|{}x{}\rangle \) and its multiplication by \(\mu (\sum \nolimits _{i}s_{i}|{}\varphi _{i}{}\rangle ) = \sum \nolimits _{x} (\sum \nolimits _{i}s_{i}\cdot \varphi _{i}(x))|{}x{}\rangle \).
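For the semiring \(R = \mathbb {N}\) the multiset monad can be tried out in Python with `Counter`s; inner multisets are encoded as tuples of (element, multiplicity) pairs so they can serve as dictionary keys (an encoding choice of ours):

```python
from collections import Counter

def unit(x):
    # eta(x) = 1|x>
    return Counter({x: 1})

def mult(phi):
    # mu(sum_i s_i |phi_i>)(x) = sum_i s_i * phi_i(x)
    out = Counter()
    for inner, s in phi.items():
        for x, r in inner:
            out[x] += s * r
    return out
```
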

The distribution monad \(\mathcal {D}:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \) is defined similarly. It maps a set \(X\) to the set of finite formal convex combinations over \(X\), as in:

$$\mathcal {D}(X) = {\{}\sum \nolimits _{i}r_{i}|{}x_i{}\rangle \;|\;x_{i}\in X \text{ and } r_{i}\in [0,1] \text{ with } \sum \nolimits _{i}r_{i} = 1{\}}. $$

The unit \(\eta \) and multiplication \(\mu \) for \(\mathcal {D}\) are as for \(\mathcal {M}_R\). We consider another variation, namely the subdistribution monad \(\mathcal {D}_{\le 1}\), where \(\mathcal {D}_{\le 1}(X)\) contains the formal subconvex combinations \(\sum \nolimits _{i}r_{i}|{}x_i{}\rangle \) with \(\sum \nolimits _{i}r_{i}\le 1\). It has the same unit and multiplication as \(\mathcal {D}\).
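The flattening \(\mu \) of \(\mathcal {D}\) can be illustrated the same way, now with probabilities as values (our encoding; inner distributions again appear as tuples of pairs):

```python
def d_unit(x):
    # eta(x) = 1|x>
    return {x: 1.0}

def d_mult(big):
    # mu: flatten a distribution over distributions
    out = {}
    for inner, r in big.items():
        for x, p in inner:
            out[x] = out.get(x, 0.0) + r * p
    return out

# flip a fair coin, then run one of two coins (the second one degenerate)
big = {(('h', 0.5), ('t', 0.5)): 0.5, (('h', 1.0),): 0.5}
```

Flattening `big` yields a genuine distribution again: the probabilities sum to one.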

These three monads \(\mathcal {M}_{R}, \mathcal {D}\) and \(\mathcal {D}_{\le 1}\) are used to capture different kinds of computation, in the style of [23]. Maps (coalgebras) of the form \(c:X \rightarrow \mathcal {M}_{R}(X)\) capture “multi-computations”, which can be written in transition notation as \(x\,\xrightarrow {r}\,x'\) if \(c(x)(x') = r\). This label \(r\in R\) can represent the time or cost of a transition. Similarly, the monads \(\mathcal {D}\) and \(\mathcal {D}_{\le 1}\) capture probabilistic computation: for coalgebras \(c:X \rightarrow \mathcal {D}(X)\) or \(c:X \rightarrow \mathcal {D}_{\le 1}(X)\) we write \(x\,\xrightarrow {r}\,x'\) if \(c(x)(x') = r\in [0,1]\), where \(r\) describes the probability of the transition from \(x\) to \(x'\).

The category \(\mathcal {E}{}\mathcal {M}(\mathcal {M}_{R})\) of (Eilenberg-Moore) algebras of the multiset monad \(\mathcal {M}_{R}\) contains the modules over the semiring \(R\). Such a module is given by a commutative monoid \(M = (M, +, 0)\) together with a scalar multiplication \(R\times M \rightarrow M\) which preserves \((+,0)\) in both arguments. More abstractly, if we write \({\mathbf {CMon}} \) for the category of commutative monoids, then the semiring \(R\) is a monoid in \({\mathbf {CMon}} \), and the category \({\mathbf {Mod}} _{R} = \mathcal {E}{}\mathcal {M}(\mathcal {M}_{R})\) of modules over \(R\) is the category of \(R\)-actions \(R\otimes M \rightarrow M\) in \({\mathbf {CMon}} \), see also [21, VII§4]. For instance, for the semiring \(R = \mathbb {N}\) of natural numbers we obtain \({\mathbf {CMon}} = \mathcal {E}{}\mathcal {M}(\mathcal {M}_{\mathbb {N}})\) as associated category of algebras; for \(R = \mathbb {R}\) or \(R = \mathbb {C}\) we obtain the categories \({\mathbf {Vect}} _{\mathbb {R}}\) or \({\mathbf {Vect}} _{\mathbb {C}}\) of vector spaces over the real or complex numbers; and for the Boolean semiring \(R = 2 = \{0,1\}\) we get the category \({\mathbf {JSL}}\) of join semi-lattices, since \(\mathcal {M}_{2}\) is the finite powerset monad.

We shall write \({\mathbf {Conv}} = \mathcal {E}{}\mathcal {M}(\mathcal {D})\) for the category of convex sets. These are sets \(X\) in which for each formal convex sum \(\sum \nolimits _{i}r_{i}|{}x_i{}\rangle \) there is an actual convex sum \(\sum \nolimits _{i}r_{i}x_{i} \in X\). Morphisms in \({\mathbf {Conv}} \) preserve such convex sums, and are often called affine functions. A convex set can be defined alternatively as a barycentric algebra [27], see [10] for the connection. Similarly, we write \({\mathbf {Conv}}_{\le 1} = \mathcal {E}{}\mathcal {M}(\mathcal {D}_{\le 1})\) for the category of subconvex sets, in which subconvex sums exist.

For linear “multi” computation and for convex probabilistic computation, the general diagram (1) takes the following form, where \({\mathbf {Mod}} _{R} = \mathcal {E}{}\mathcal {M}(\mathcal {M}_{R})\) and \({\mathbf {Conv}} = \mathcal {E}{}\mathcal {M}(\mathcal {D})\).

(6)

The adjunction \(({\mathbf {Mod}} _{R})^{\mathrm{op }} \rightleftarrows {\mathbf {Mod}} _{R}\) is given by the correspondence between homomorphisms \(M \rightarrow (N\multimap R)\) and \(N \rightarrow (M\multimap R)\), where \(\multimap \) is used for linear function space. The predicate functor \(R^{(-)} :\mathcal {K}{}\ell (\mathcal {M}_{R}) \rightarrow ({\mathbf {Mod}} _{R})^{\mathrm{op }}\) sends a set \(X\) to the module \(R^{X}\) of functions \(X\rightarrow R\), with pointwise operations. A Kleisli map \(f:X \rightarrow \mathcal {M}_{R}(Y)\) yields a map of modules \(f^{*} = R^{f}:R^{Y} \rightarrow R^{X}\) by \(f^{*}(q)(x) = \sum \nolimits _{y} q(y) \cdot f(x)(y)\). Like before, this \(f^{*}(q)\) may be understood as the weakest precondition of the post-condition \(q\). In one direction the triangle commutes: \({\mathbf {Mod}} _{R}\big (\mathcal {M}_{R}(X), R\big ) \cong R^{X}\), since \(\mathcal {M}_{R}(X)\) is the free module on \(X\). Commutation in the other direction, that is \({\mathbf {Mod}} _{R}\big (R^{X}, R\big ) \cong \mathcal {M}_{R}(X)\), holds for finite sets \(X\). Hence in order to get a commuting triangle we should restrict to the full subcategory \(\mathcal {K}{}\ell _{\mathbb {N}}(\mathcal {M}_{R}) \hookrightarrow \mathcal {K}{}\ell (\mathcal {M}_{R})\) with objects \(n\in \mathbb {N}\), considered as \(n\)-element sets.
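The module map \(f^{*}\) is a matrix-vector style sum; a small Python sketch over \(R = \mathbb {N}\) (the Kleisli map below is a made-up example of ours):

```python
def wp(f, xs):
    # f^*(q)(x) = sum_y q(y) * f(x)(y)
    return lambda q: {x: sum(q[y] * r for y, r in f(x).items()) for x in xs}

# a "multi-computation" with multiplicities/costs in N
f = {0: {0: 2, 1: 1}, 1: {1: 3}}
fstar = wp(lambda x: f[x], [0, 1])
```

This `fstar` is linear: it preserves pointwise sums (and scalar multiples) of postconditions \(q\), reflecting that \(f^{*}\) is a map of modules.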

Now let \(R\) be a commutative semiring. The triangle (6) is then a diagram enriched over \({\mathbf {Mod}} _{R}\): the categories, functors, and natural transformations involved are all enriched. Indeed, if the semiring \(R\) is commutative, then so is the monad \(\mathcal {M}_{R}\), see e.g. [12]; this implies that \({\mathbf {Mod}} _{R}\) is monoidal closed, and in particular enriched over itself. Similarly, the Kleisli category \(\mathcal {K}{}\ell (\mathcal {M}_{R})\) is then enriched over \({\mathbf {Mod}} _{R}\).

In the probabilistic case one can choose to use a logic with classical predicates (subsets, or characteristic functions) \(\{0,1\}^{X}\) or ‘fuzzy predicates’ \([0,1]^{X}\). These options are captured in the following two triangles.

(7)

The adjunctions both come from [12]. The one on the left is investigated further in [20]. It uses the category \({\mathbf {PreFrm}} \) of preframes: posets with directed joins and finite meets distributing over these joins, see [16]. Indeed, for a Kleisli map \(f:X \rightarrow \mathcal {D}(Y)\) we have a substitution map \(f^{*} :\mathcal {P}(Y) \rightarrow \mathcal {P}(X)\) in \({\mathbf {PreFrm}} \), given by \(f^{*}(Q) = {\{}x\;|\;{ supp}(f(x)) \subseteq Q{\}}\). This \(f^*\) preserves directed joins because the support of \(f(x)\in \mathcal {D}(Y)\) is finite.

The homsets \({\mathbf {PreFrm}} (X,Y)\) of preframe maps \(X \rightarrow Y\) have finite meets \(\wedge ,\top \), which can be defined pointwise. As a result, these homsets are convex sets, in a trivial manner: a sum \(\sum \nolimits _{i}r_{i}h_{i}\) is interpreted as \(\bigwedge \nolimits _{i}h_{i}\), where we implicitly assume that \(r_{i} > 0\) for each \(i\). With this in mind one can check that the triangle on the left in (7) is enriched over \({\mathbf {Conv}} \). It yields the rule \(\big (\sum \nolimits _{i}r_{i}f_{i}\big )^{*}(Q) = \bigwedge \nolimits _{i}f_{i}^{*}(Q)\).

The situation on the right in (7) requires more explanation. We sketch the essentials. A partial commutative monoid (PCM) is given by a set \(M\) with a partial binary operation \(\oplus \) which is commutative and associative, in a suitable sense, and has a zero element \(0\in M\). One writes \(x\mathrel {\bot }y\) if \(x\oplus y\) is defined. A morphism \(f:M \rightarrow N\) of PCMs satisfies: \(x \mathrel {\bot }x'\) implies \(f(x) \mathrel {\bot }f(x')\), and then \(f(x\oplus x') = f(x)\oplus f(x')\). This yields a category which we shall write as \({\mathbf {PCMon}} \).

The unit interval \([0,1]\) is clearly a PCM, with \(r\oplus r'\) defined, and equal to \(r+r'\), if \(r+r'\le 1\). With its multiplication operation this \([0,1]\) is a monoid in the category \({\mathbf {PCMon}} \), see [14] for details. We define a category \({\mathbf {PCMod}} \) of partial commutative modules; its objects are PCMs \(M\) with an action \([0,1] \times M \rightarrow M\), forming a homomorphism of PCMs in both coordinates. These partial commutative modules are thus like vector spaces, except that their addition is partial and their scalars are probabilities in \([0,1]\).

Example 1

Consider the set of partial functions from a set \(X\) to the unit interval \([0,1]\). Thus, for such an \(f:X\rightharpoonup [0,1]\) there is an output value \(f(x)\in [0,1]\) only for those \(x\in X\) which are in the domain \({ dom}(f)\subseteq X\). Obviously, one can define scalar multiplication \(r\mathrel {\bullet }f\) pointwise, without change of domain. We take the empty function — nowhere defined, with empty domain — as zero element. Consider the following two partial sums, which turn these partial functions into a partial commutative module.

One way is to declare \(f\mathrel {\bot }g\) if the domains of \(f\) and \(g\) are disjoint; the sum \(f\oplus _{1}g\) is then defined on the union of the domains, via case distinction.

A second partial sum \(f\oplus _{2}g\) is defined if \(f(x)+g(x)\le 1\) for each \(x\in { dom}(f)\cap { dom}(g)\). For those \(x\) in the overlap of the domains we set \((f\oplus _{2}g)(x) = f(x)+g(x)\); elsewhere \(f\oplus _{2}g\) is \(f\) on \({ dom}(f)\) and \(g\) on \({ dom}(g)\).
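Both partial sums can be coded on finite partial functions, represented as Python dicts, with `None` marking an undefined sum (an encoding of ours, following the two definitions in Example 1):

```python
def sum1(f, g):
    # defined only for disjoint domains; case distinction on the union
    if set(f) & set(g):
        return None
    return {**f, **g}

def sum2(f, g):
    # defined when f(x) + g(x) <= 1 on the overlap of the domains
    if any(f[x] + g[x] > 1 for x in set(f) & set(g)):
        return None
    out = dict(f)
    for x, v in g.items():
        out[x] = out.get(x, 0.0) + v
    return out
```

The empty dict `{}` plays the role of the zero element for both sums.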

An effect algebra (see [5, 7]) is a PCM with, for each element \(x\), a unique complement \(x^{\perp }\) satisfying \(x\oplus x^{\perp } = 1\), together with the requirement \(1 \mathrel {\bot }x \Rightarrow x=0\). In the unit interval \([0,1]\) we have \(r^{\perp } = 1-r\). In Example 1, for both the partial sums \(\oplus _{1}\) and \(\oplus _{2}\) one does not get an effect algebra: in the first case there is not always an \(f^{\perp }\) with \(f\oplus _{1}f^{\perp } = 1\), where \(1\) is the function that is everywhere defined and equal to \(1\). For \(\oplus _{2}\) there is an \(f^{\perp }\) with \(f\oplus _{2}f^{\perp } = 1\), but \(f^{\perp }\) need not be unique. E.g. the function \(1\) has both the empty function and the everywhere-\(0\) function as complement. We can adapt this example to an effect algebra by considering only partial functions \(X \rightharpoonup (0,1]\), excluding \(0\) as outcome.

A map of effect algebras \(f\) is a map of PCMs satisfying \(f(1)=1\). This yields a subcategory \({\mathbf {EA}} \hookrightarrow {\mathbf {PCMon}} \). An effect module is at the same time an effect algebra and a partial commutative module. We get a subcategory \({\mathbf {EMod}} \hookrightarrow {\mathbf {PCMod}} \). By “homming into \([0,1]\)” one obtains an adjunction \({\mathbf {EMod}} ^{\mathrm{op }} \rightleftarrows {\mathbf {Conv}} \), see [12] for details. The resulting triangle on the right in (7) commutes in one direction, since \({\mathbf {Conv}} (\mathcal {D}(X), [0,1]) \cong [0,1]^{X}\). In the other direction one has \({\mathbf {EMod}} ([0,1]^{X}, [0,1]) \cong \mathcal {D}(X)\) for finite sets \(X\).

In [26] it is shown that each effect module is a convex set. The proof is simple, but makes essential use of the existence of orthocomplements \((-)^\perp \). In fact, the category \({\mathbf {EMod}} \) is enriched over \({\mathbf {Conv}} \). Even stronger, the triangle on the right in (7) is enriched over \({\mathbf {Conv}} \). This yields

There are two variations on the distribution monad \(\mathcal {D}\) that are worth pointing out. The first one is the expectation monad \(\mathcal {E}(X) = {\mathbf {EMod}} ([0,1]^{X},[0,1])\) introduced in [15] (and used for instance in [2] for probabilistic program semantics). It can be seen as a probabilistic version of the ultrafilter monad from the previous section. For a finite set \(X\) one has \(\mathcal {E}(X) \cong \mathcal {D}(X)\). The category of algebras \(\mathcal {E}{}\mathcal {M}(\mathcal {E})\) contains the convex compact Hausdorff spaces, see [15]. This monad \(\mathcal {E}\) gives rise to a triangle as on the left below, see [15] for details.

(8)

The triangle on the right captures continuous probabilistic computation, via the Giry monad \(\mathcal {G}\) on the category \({\mathbf {Meas}} \) of measurable spaces. This is elaborated in [13]. The category \(\sigma {\mathbf {EMod}} \) contains effect modules in which countable ascending chains have a join. Both these triangles commute, and are enriched over convex sets.

We continue with the category \({\mathbf {Conv}}_{\le 1} = \mathcal {E}{}\mathcal {M}(\mathcal {D}_{\le 1})\) of subconvex sets. We now get a triangle of the form:

(9)

We need to describe the category \({\mathbf {GEMod}} \) of generalised effect modules. First, a generalised effect algebra, according to [5], is a partial commutative monoid (PCM) in which both cancellation, \(x\oplus y = x\oplus z \Rightarrow y = z\), and positivity, \(x\oplus y = 0 \Rightarrow x = y = 0\), hold. In that case one can define a partial order \(\le \) in the usual way. We obtain a full subcategory \({\mathbf {GEA}} \hookrightarrow {\mathbf {PCMon}} \). In fact we have \({\mathbf {EA}} \hookrightarrow {\mathbf {GEA}} \hookrightarrow {\mathbf {PCMon}} \), since a generalised effect algebra is not necessarily an effect algebra, but a more general ‘topless’ structure: a generalised effect algebra with a top element \(1\) is an effect algebra.

One can now add multiplication with scalars from \([0,1]\) to generalised effect algebras, like for partial commutative modules. But we require more, namely the existence of subconvex sums for \(r_{i}\in [0,1]\) with \(\sum \nolimits _{i}r_{i} \le 1\). As noted before, such sums exist automatically in effect algebras, but this is not the case in generalised effect algebras with scalar multiplication, as the first structure in Example 1 illustrates. Thus we define a full subcategory \({\mathbf {GEMod}} \hookrightarrow {\mathbf {PCMod}} \), where objects of \({\mathbf {GEMod}} \) are at the same time partial commutative modules and generalised effect algebras, with the additional requirement that all subconvex sums exist. Summarising, we have the following diagram of ‘effect’ structures, where the bottom row involves scalar multiplication.

Once we know what generalised effect modules are, it is easy to see that ‘homming into \([0,1]\)’ yields the adjunction in (9). Moreover, this diagram (9) is enriched over \({\mathbf {Conv}}_{\le 1} \), so that weakest precondition preserves subconvex sums of Kleisli maps (programs).

4 Quantum Computation, Briefly

In this section we wish to point out that the triangle (1) applies beyond the monadic setting. For instance, for quantum computation, modelled via the category \({\mathbf {Cstar}}_{{\mathrm {PU}}} \) of \(C^*\)-algebras (with unit) and positive unital maps, one obtains a triangle:

(10)

The predicate functor sends a \(C^*\)-algebra \(A\) to the unit interval \([0,1]_{A}\subseteq A\) of “effects” in \(A\), where \([0,1]_{A} = \{a\in A\;|\;0 \le a \le 1\}\). This functor is full and faithful, see [8]. On the other side, the state functor sends a \(C^*\)-algebra \(A\) to the (convex) set of its states, given by the homomorphisms \(A\rightarrow \mathbb {C}\). This diagram is enriched over convex sets. A similar setting of states and effects, for Hilbert spaces instead of \(C^*\)-algebras, is used in [3] for a quantum precondition calculus.

In [8] it was shown that commutative \(C^*\)-algebras, capturing the probabilistic, non-quantum case, can be described as a Kleisli category. It is unclear if the non-commutative, proper quantum, case can also be described via a monad.

5 Dijkstra Monad Examples

In [28] the “Dijkstra” monad is introduced, as a variant of the “Hoare” monad from [24]. It captures weakest precondition computations for the state monad \(X \mapsto (S\times X)^{S}\), where \(S\) is a fixed collection of states (the heap). Here we wish to give a precise description of the Dijkstra monad, for various concrete monads \(T\).

For the powerset monad \(\mathcal {P}\), a first version of the Dijkstra monad, following the description in [28], yields \(\mathfrak {D}_{\mathcal {P}} :{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \) defined as:

$$\begin{aligned} \mathfrak {D}_{\mathcal {P}}(X) = \mathcal {P}(S)^{\mathcal {P}(S\times X)}, \end{aligned}$$
(11)

where \(S\) is again a fixed set of states. Thus, an element \(w\in \mathfrak {D}_{\mathcal {P}}(X)\) is a function \(w:\mathcal {P}(S\times X) \rightarrow \mathcal {P}(S)\) that transforms a postcondition \(Q\in \mathcal {P}(S\times X)\) into a precondition \(w(Q)\in \mathcal {P}(S)\). The postcondition is a binary predicate, on both a state from \(S\) and an output value from \(X\); the precondition is a unary predicate, only on states.

In this first version (11) we simply take all functions \(\mathcal {P}(S\times X) \rightarrow \mathcal {P}(S)\). But in the triangle (2) we see that predicate transformers are maps in \({\mathbf {CL}} _{\bigwedge }\), i.e. meet-preserving maps between complete lattices. Hence we now properly (re)define \(\mathfrak {D}_{\mathcal {P}}\) as the set of meet-preserving functions:

$$\begin{aligned} \mathfrak {D}_{\mathcal {P}}(X) = {\mathbf {CL}}_{\bigwedge }\big (\mathcal {P}(S\times X),\, \mathcal {P}(S)\big ). \end{aligned}$$
(12)

This is indeed a monad, following [28], with unit and multiplication:

$$\eta (x) = \lambda Q.\,\{s\;|\;(s,x)\in Q\} \qquad \mu (H) = \lambda Q.\,H\big (\{(s,h)\;|\;s\in h(Q)\}\big ). $$
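To make these formulas concrete, here is a small executable sketch of the powerset Dijkstra monad with finite sets in Python; the names `eta_p` and `wp_p`, the explicit `states` parameter, and the subset reading of weakest precondition are ours, not from the text:

```python
# Sketch of the powerset Dijkstra monad: a predicate transformer maps
# postconditions Q ⊆ S×X to preconditions ⊆ S. Finite sets only.

def eta_p(states, x):
    """Unit: eta(x)(Q) = {s | (s, x) in Q}."""
    return lambda q: {s for s in states if (s, x) in q}

def wp_p(states, f):
    """Weakest precondition of a nondeterministic state transformer
    f : S -> P(S×X), reading wp(f)(Q) = {s | f(s) ⊆ Q}."""
    return lambda q: {s for s in states if f(s) <= q}
```

Note that `eta_p(states, x)` agrees with `wp_p(states, lambda s: {(s, x)})`, which is precisely compatibility of weakest precondition with the units of the two monads.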

We introduce some notation (\(\mathfrak {S}\), i.e. fraktur \(S\)) for the result of applying the state transformer monad to an arbitrary monad (see e.g. [18]).

Definition 1

For a monad \(T:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \) and for a fixed set (of “states”) \(S\), the \(T\)-state monad \(\mathfrak {S}_{T}\) is defined as:

$$\begin{aligned} \mathfrak {S}_{T}(X) \;=\; T(S\times X)^{S}. \end{aligned}$$

For the record, its unit and multiplication are given by:

$$x \longmapsto \lambda s\in S.\,\eta (s,x) \quad \text{ and }\quad H \longmapsto \mu \mathrel {\circ }T(\lambda (s,h).\,h(s)) \mathrel {\circ }H, $$

where \(\eta ,\mu \) are the unit and multiplication of \(T\).
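Definition 1 can be transcribed executably: given any monad \(T\) presented by its unit and bind, the assignment \(X \mapsto T(S\times X)^{S}\) is again a monad. A Python sketch, with helper names (`state_unit`, `state_mult`) that are ours:

```python
# The T-state monad: a computation is a function S -> T(S×X).
# T is presented by t_unit : A -> T(A) and t_bind : T(A), (A -> T(B)) -> T(B).

def state_unit(t_unit):
    """x |-> lambda s. eta(s, x)"""
    return lambda x: (lambda s: t_unit((s, x)))

def state_mult(t_bind):
    """H |-> mu . T(lambda (s, h). h(s)) . H, written with bind:
    mu(H)(s) = bind(H(s), lambda (s', h): h(s'))."""
    return lambda bigH: (lambda s: t_bind(bigH(s), lambda sh: sh[1](sh[0])))
```

With `t_unit = lambda v: [v]` and the usual list bind, this instantiates to a nondeterministic state monad, finite lists standing in for sets.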

Proposition 1

There is a map of monads \(\sigma :\mathfrak {S}_{\mathcal {P}} \Rightarrow \mathfrak {D}_{\mathcal {P}}\) from the \(\mathcal {P}\)-state monad to the \(\mathcal {P}\)-Dijkstra monad (12), with components:

$$\sigma _{X} :\mathcal {P}(S\times X)^{S} \longrightarrow \mathfrak {D}_{\mathcal {P}}(X) $$

given by substitution/weakest precondition:

$$\sigma _{X}(f)(Q) \;=\; \{s\in S\;|\;f(s)\subseteq Q\}, $$

following the description from (3).

Proof

We have to check that substitution is natural in \(X\) and commutes with the units and multiplications; this is an easy calculation.

At this stage the generalisation of the Dijkstra monad to other monads — with an associated logic as in (1) — should be clear. For instance, for the multiset monad \(\mathcal {M}_R\) and the (sub)distribution monads \(\mathcal {D},\mathcal {D}_{\le 1}\) we use the triangles in (6), (7) and (9) to define associated Dijkstra monads:

$$\begin{aligned} \mathfrak {D}_{\mathcal {M}_{R}}(X) = {\mathbf {Mod}}_{R}\big (R^{S\times X}, R^{S}\big ) \qquad \mathfrak {D}_{\mathcal {D}}(X) = {\mathbf {EMod}}\big ([0,1]^{S\times X}, [0,1]^{S}\big ) \qquad \mathfrak {D}_{\mathcal {D}_{\le 1}}(X) = {\mathbf {GEMod}}\big ([0,1]^{S\times X}, [0,1]^{S}\big ) \end{aligned}$$
(13)

Then there is the following result, analogous to Proposition 1. The proofs involve extensive calculations but are essentially straightforward.

Proposition 2

For the multiset, distribution, and subdistribution monads \(\mathcal {M}_{R}, \mathcal {D}\), and \(\mathcal {D}_{\le 1}\) there are maps of monads given by substitution:

$$\mathfrak {S}_{\mathcal {M}_{R}} \Longrightarrow \mathfrak {D}_{\mathcal {M}_{R}} \qquad \mathfrak {S}_{\mathcal {D}} \Longrightarrow \mathfrak {D}_{\mathcal {D}} \qquad \mathfrak {S}_{\mathcal {D}_{\le 1}} \Longrightarrow \mathfrak {D}_{\mathcal {D}_{\le 1}} $$

from the associated state monads to the associated Dijkstra monads (13). \(\quad \square \)
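For the distribution monad the substitution component has a familiar expected-value reading: a postcondition is a \([0,1]\)-valued predicate \(q\) on \(S\times X\), and its weakest precondition at a state \(s\) averages \(q\) over the outcome distribution \(f(s)\). A Python sketch under this reading; the encoding and the name `wp_dist` are ours:

```python
# A probabilistic program is f : S -> D(S×X), with a distribution
# encoded as a dict {(state, value): probability}; the weakest
# precondition is the expected value of the postcondition q.

def wp_dist(f):
    """wp(f)(q)(s) = sum of f(s)[(t, x)] * q(t, x) over all (t, x)."""
    return lambda q: (lambda s: sum(p * q(t, x)
                                    for (t, x), p in f(s).items()))
```

For a fair coin flip that leaves the state unchanged, the weakest precondition of “the result is heads” is the constant \(1/2\).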

The Dijkstra monad associated with the expectation monad \(\mathcal {E}\) is the same as for the distribution monad \(\mathcal {D}\). Hence one gets a map of monads \(\mathfrak {S}_{\mathcal {E}} \Rightarrow \mathfrak {D}_{\mathcal {D}}\), with substitution components \(f \longmapsto f^{*}\), where \(f^{*}(q)(s) = f(s)(q)\). Details are left to the reader.
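The flip \(f^{*}(q)(s) = f(s)(q)\) is a one-liner, since an element of \(\mathcal {E}(S\times X)\) is itself a functional on predicates. A sketch; the name `subst_exp` is ours:

```python
# f : S -> E(S×X), where an element of E(S×X) maps [0,1]-valued
# predicates on S×X to [0,1]; substitution just swaps the arguments.

def subst_exp(f):
    """f*(q)(s) = f(s)(q)"""
    return lambda q: (lambda s: f(s)(q))
```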

6 Dijkstra’s Monad, Beyond Examples

In the end it remains a bit unsatisfactory to see only particular instances of what we called a Dijkstra monad \(\mathfrak {D}_{T}\). Below we offer a more general description, even though it is not the definitive story. For convenience we restrict ourselves to monads on \({\mathbf {Sets}} \).

So let \(T:{\mathbf {Sets}} \rightarrow {\mathbf {Sets}} \) be an arbitrary monad. As observed in (an exercise in) [11], each (fixed) Eilenberg-Moore algebra \(\omega :T(\varOmega ) \rightarrow \varOmega \) determines an adjunction \({\mathbf {Sets}} ^{\mathrm{op }} \rightleftarrows \mathcal {E}{}\mathcal {M}(T)\), via functors \(\varOmega ^{(-)} :{\mathbf {Sets}} ^{\mathrm{op }} \rightarrow \mathcal {E}{}\mathcal {M}(T)\) and \(\mathcal {E}{}\mathcal {M}(T)\big ({-},\omega \big ) :\mathcal {E}{}\mathcal {M}(T) \rightarrow {\mathbf {Sets}} ^{\mathrm{op }}\). It makes sense to require that the algebra \(\omega \) is a cogenerator in \(\mathcal {E}{}\mathcal {M}(T)\), making the unit of the adjunction injective, but this is not needed in general. The adjunction can be generalised to strong monads on monoidal categories with equalisers, but that is not so relevant at this stage.

With this adjunction we can form a triangle of the form:

(14)

The induced predicate functor is defined on a Kleisli map \(f:X \rightarrow T(Y)\) as:

$$\varOmega ^{Y} \ni q \longmapsto \Big (X\mathop {\longrightarrow }\limits ^{f} T(Y)\mathop {\longrightarrow }\limits ^{T(q)} T(\varOmega ) \mathop {\longrightarrow }\limits ^{\omega } \varOmega \Big ). $$
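This composite \(\omega \mathrel {\circ }T(q) \mathrel {\circ }f\) is directly executable once \(T\) is presented by its functorial action and \(\omega \) by a function; a Python sketch, where the name `pred` and the parameter conventions are ours:

```python
# Generic substitution: send a Kleisli map f : X -> T(Y) and a
# predicate q : Y -> Omega to omega . T(q) . f : X -> Omega.
# t_map(q, m) is the functorial action T(q) applied to m in T(Y).

def pred(t_map, omega, f):
    return lambda q: (lambda x: omega(t_map(q, f(x))))
```

For instance, with \(T\) the powerset monad (lists standing in for finite sets) and \(\omega \) given by conjunction, `pred` computes the demonic weakest precondition of a nondeterministic map, matching the meet-preserving transformers of Sect. 5.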

Appropriate restrictions of this adjunction may give rise to more suitable triangles, like in (2) and (4)–(9). How to do this restriction in a systematic manner is unclear at this stage.

But what we can do is define, for a fixed set of states \(S\), a Dijkstra monad, namely:

$$\begin{aligned} \mathfrak {D}_{T}(X) \;=\; {\mathbf {Sets}} \big (\varOmega ^{S\times X}, \varOmega ^{S}\big ). \end{aligned}$$
(15)

There is a unit \(\eta _{X} :X \rightarrow \mathfrak {D}_{T}(X)\), namely \(\eta _{X}(x)(q)(s) = q(s,x)\), and a multiplication \(\mu _{X} :(\mathfrak {D}_{T})^{2}(X) \rightarrow \mathfrak {D}_{T}(X)\) given by \(\mu (H)(q) = H\big (\lambda (t,k).\,k(q)(t)\big )\).
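The unit and multiplication just given can be transcribed literally; the following Python sketch (the names `d_unit`, `d_mult` are ours) treats an element of \(\mathfrak {D}_{T}(X)\) as a function from postconditions \(q :S\times X \rightarrow \varOmega \) to predicates \(S \rightarrow \varOmega \):

```python
def d_unit(x):
    """eta(x)(q)(s) = q(s, x)"""
    return lambda q: (lambda s: q(s, x))

def d_mult(bigH):
    """mu(H)(q) = H(lambda (t, k). k(q)(t)), where H transforms
    postconditions on S × D_T(X) into predicates on S."""
    return lambda q: bigH(lambda t, k: k(q)(t))
```

One can check the unit law directly: \(\mu (\eta (w))(q) = \lambda s.\,w(q)(s)\), i.e. \(\mu \mathrel {\circ }\eta = \mathrm{id}\).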

In this general situation we can define a map of monads \(\sigma :\mathfrak {S}_{T} \Rightarrow \mathfrak {D}_{T}\), where \(\mathfrak {S}_{T}\) is the \(T\)-state monad \(X\mapsto T(S\times X)^{S}\) from Definition 1. This \(\sigma \) has components \(\sigma _{X} :T(S\times X)^{S} \rightarrow {\mathbf {Sets}} (\varOmega ^{S\times X}, \varOmega ^{S})\) given by weakest precondition:

$$\sigma _{X}(f)(q) \;=\; \lambda s\in S.\,\big (\omega \mathrel {\circ }T(q)\big )\big (f(s)\big ). $$

Thus, in this purely set-theoretic setting we can define for an arbitrary monad \(T\) an associated Dijkstra monad \(\mathfrak {D}_T\) as in (15), together with a ‘weakest precondition’ map of monads \(\mathfrak {S}_{T} \Rightarrow \mathfrak {D}_{T}\). However, the general formulation (15) does not take into account that predicate transformers preserve certain logical structure, as in the concrete examples in Sect. 5.

We conclude with two more observations.

  1.

    In the triangle (14) there are two functors \(\mathcal {K}{}\ell (T) \rightarrow \mathcal {E}{}\mathcal {M}(T)\), namely the comparison functor \(K\) and the composite \(L = \varOmega ^{(-)} \mathrel {\circ }{\mathrm {Pred}}\), where \({\mathrm {Pred}} :\mathcal {K}{}\ell (T) \rightarrow {\mathbf {Sets}} ^{\mathrm{op }}\) is the predicate functor from (14). There is a natural transformation \(\tau :K \Rightarrow L\) with components:

    $$\tau _{X}(u)(p) = \big (\omega \mathrel {\circ }T(p)\big )(u) \quad \text{ where } u\in K(X) = T(X) \text{ and } p\in \varOmega ^{X}. $$

    The triangle (14) commutes in both directions if this \(\tau \) is an isomorphism.

  2.

    By composing the two adjunctions \({\mathbf {Sets}} \rightleftarrows \mathcal {E}{}\mathcal {M}(T) \rightleftarrows {\mathbf {Sets}} ^{\mathrm{op }}\) in (14) one obtains a composite adjunction, which yields another monad \(T_{\omega }\) on \({\mathbf {Sets}} \), namely:

    $$T_{\omega }(X) \;=\; \mathcal {E}{}\mathcal {M}(T)\big (\varOmega ^{X}, \omega \big ). $$

    This is what Lawvere [17] calls the dual monad; a similar construction occurs for instance in [6, Sect. 5]. There is in this case a map of monads \(T \Rightarrow T_{\omega }\).

7 Concluding Remarks

The triangle-based semantics and logic that was presented via many examples forms the basis for (a) several versions of the Dijkstra monad, associated with different monads \(T\), and (b) a description of the weakest precondition operation as a map of monads. There are many issues that remain to be investigated.

  • We have concentrated on Dijkstra monads \(\mathfrak {D}\), but there is also the Hoare monad \(\mathfrak {H}\), see [24, 29]. It may be described explicitly as:

    $$\mathfrak {H}(X) = \displaystyle \coprod _{P\subseteq S}\;\coprod _{Q\subseteq S\times X\times S} \{f:P \rightarrow X\times S\;|\;\forall {s\in P}.\,Q(s,f(s))\}, $$

    where \(S\) is the set of states. It would be nice to extend this Hoare construction to monads other than powerset.

  • As already mentioned in the beginning, we only scratch the surface when it comes to the enrichment involved in the examples. This also requires further investigation, especially in connection with the algebraic effects approach, see e.g. [25], or the (enriched) monad models of [22].