Rewriting Abstract Structures: Materialization Explained Categorically

The paper develops an abstract (over-approximating) semantics for double-pushout rewriting of graphs and graph-like objects. The focus is on the so-called materialization of left-hand sides from abstract graphs, a central concept in previous work. The first contribution is an accessible, general explanation of how materializations arise from universal properties and categorical constructions, in particular partial map classifiers, in a topos. Second, we introduce an extension by enriching objects with annotations and give a precise characterization of strongest post-conditions, which are effectively computable under certain assumptions.


Introduction
Abstract interpretation [12] is a fundamental static analysis technique that applies not only to conventional programs but also to general infinite-state systems. Shape analysis [32], a specific instance of abstract interpretation, pioneered an approach for analyzing pointer structures that keeps track of information about the "heap topology", e.g., out-degrees or existence of certain paths. One central idea of shape analysis is materialization, which arises as companion operation to summarizing distinct objects that share relevant properties. Materialization, a.k.a. partial concretization, is also fundamental in verification approaches based on separation logic [6,5,25], where it is also known as rearrangement [28], a special case of frame inference. Shape analysis, construed in a wide sense, has been adapted to graph transformation [31], a general-purpose modelling language for systems with dynamically evolving topology, such as network protocols and cyber-physical systems. Motivated by earlier work of shape analysis for graph transformation [33,4,1,2,30,29], we want to put the materialization operation on a new footing, widening the scope of shape analysis.
A natural abstraction mechanism for transition systems with graphs as states "summarizes" all graphs over a specific shape graph. Thus a single graph is used as abstraction
⊳ We show that abstract rewriting with annotations is sound and, with additional assumptions, complete. Finally, we even derive strongest post-conditions for the case of graph rewriting with annotations. → Sec. 5
Related work: The idea of shape graphs together with shape constraints was pioneered in [32] where the constraints are specified in a three-valued logic. A similar approach was proposed in [33], using first-order formulas as constraints. In partner abstraction [3,4], cluster abstraction [1,2], and neighbourhood abstraction [30] nodes are clustered according to local criteria, such as their neighbourhood and the resulting graph structures are enriched with counting constraints, similar to our constraints. The idea of counting multiplicities of nodes and edges is also found in canonical graph shapes [29]. The uniform treatment of monoid annotations was introduced in previous work [21,9,10], in the context of type systems and with the aim of studying decidability and closure properties, but not for abstract rewriting.

Preliminaries
This paper presupposes familiarity with category theory and the topos structure of graphs. Some concepts (in particular elementary topoi, subobject and partial map classifiers, and slice categories) are defined in App. A. Furthermore all proofs can be found in App. D. The rewriting formalism for graphs and graph-like structures that we use throughout the paper is the double-pushout (DPO) approach [11]. Although it was originally introduced for graphs [16], it is well-defined in any category C. However, certain standard results for graph rewriting require that the category C has "good" properties. The category of graphs is an elementary topos (an extremely rich categorical structure), but weaker conditions on C, for instance adhesivity, have been studied [22,15,14].
Definition 1 (Double-pushout rewriting). A production in C is a span of monos L ↢ I ↣ R in C; the objects L and R are called left- and right-hand side, respectively. A match of a production p∶ L ↢ I ↣ R to an object X of C is a mono m_L∶ L ↣ X in C. The production p rewrites X to Y at m_L (resp. the match m_L to the co-match m_R∶ R → Y) if the production and the match (and the co-match) extend to a diagram in C, shown to the right, such that both squares are pushouts.
In this case, we write Given a production p and a match m_L, if there exist arrows X ← C and C ← I that make the left-hand square of the diagram in Def. 1 a pushout square, the gluing condition is satisfied.
If C is an adhesive category (and thus also if it is a topos [23]) and the production consists of monos, then all remaining arrows of double-pushout diagrams of rewriting are monos [22] and the result of rewriting, be it the object Y or the co-match m_R, is unique (up to a canonical isomorphism).

Subobject Classifiers and Partial Map Classifiers of Graphs
A standard category for graph rewriting that is also a topos is the category of edge-labelled, directed graphs that we shall use in examples, as recalled in the next definition. Note that due to the generality of the categorical framework, our results also hold for various other forms of graphs, such as node-labelled graphs, hypergraphs, graphs with scopes or graphs with second-order edges.
Definition 2 (Category of graphs). Let Λ be a fixed set of edge labels. A (Λ-labelled) graph is a tuple G = (V_G, E_G, src_G, tgt_G, G ) where V_G is a finite set of nodes, E_G is a finite set of edges, src_G, tgt_G∶ E_G → V_G are the source and target mappings and Let G, H be two Λ-labelled graphs. A graph morphism ϕ∶ G → H consists of two functions ϕ_V∶ V_G → V_H, ϕ_E∶ E_G → E_H, such that for each edge e ∈ E_G we have src_H(ϕ_E(e)) = ϕ_V(src_G(e)), tgt_H(ϕ_E(e)) = ϕ_V(tgt_G(e)) and H (ϕ_E(e)) = G (e). If ϕ_V, ϕ_E are both bijective, ϕ is an isomorphism. The category having (Λ-labelled) graphs as objects and graph morphisms as arrows is denoted by Graph.
We shall often write ϕ instead of ϕ_V or ϕ_E to avoid clutter. The graph morphisms in our diagrams will be indicated by black and white nodes and thick edges. In the category Graph, where the objects are labelled graphs over the label alphabet Λ, the subobject classifier true is displayed to the right where every Λ-labelled edge represents several edges, one for each λ ∈ Λ. The subobject classifier true∶ 1 ↣ Ω from the terminal object 1 to Ω allows us to single out a subgraph X of a graph Y, by mapping Y to Ω in such a way that all elements of X are mapped to the image of true (see also Def. 40 in App. A).
Given arrows α, m as in the diagram in Definition 3, we can construct the most general pullback, called final pullback complement [13,8].

Definition 3 (Final pullback complement). A pair of arrows
there exists a unique arrow f′∶ F′ → F such that β ○ f′ = β′ and γ ○ f = f′ ○ γ′ both hold (see the diagram to the right).
Final pullback complements and subobject classifiers are closely related to partial map classifiers (see Def. 42 in App. A and [13, Corollary 4.6]): a category has FPBCs (over monos) and a subobject classifier if and only if it has a partial map classifier. These exist in all elementary topoi.
Proposition 4 (Final pullback complements, subobject and partial map classifiers). Let C be a category with finite limits. Then the following are equivalent: (2) C has a partial map classifier (F∶ C → C, η∶ Id . → F).

Languages
The main theme of the paper is "simultaneous" rewriting of entire sets of objects of a category by means of rewriting a single abstract object that represents a collection of structures: the language of the abstract object. The simplest example of an abstract structure is a plain object of a category to which we associate the language of objects that can be mapped to it; the formal definition is as follows (see also [10]).

Definition 5 (Language of an object).
Let A be an object of a category C. Given another object X, we write X ⇢ A whenever there exists an arrow from X to A. We define the language of A, denoted by L(A), as Whenever X ∈ L(A) holds, we will say that X is abstracted by A, and A is called the abstract object.
In the following we will also need to characterize a class of (co-)matches which are represented by a given (co-)match (which is a mono).
Definition 6 (Language of a mono). Let ϕ∶ L ↣ A be a mono in C. The language of ϕ is the set of monos m with source L that factor ϕ such that the square on the right is a pullback: Intuitively, for any arrow (m∶ L → X) ∈ L(ϕ) we have X ∈ L(A) and X has a distinguished subobject L which corresponds precisely to the subobject L ↣ A. In fact ψ restricts and co-restricts to an isomorphism between the images of L in X and A. For graphs, no nodes or edges in X outside of L are mapped by ψ into the image of L in A.
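Definition 5 can be made executable for the category Graph of Definition 2: X is abstracted by A exactly when a source-, target- and label-preserving graph morphism X → A exists. The following Python code is an added example, not code from the paper; the dictionary representation of graphs, the function names and the sample graphs are assumptions of this example.

```python
# Added example: membership in the language L(A) of Definition 5 for
# Λ-labelled graphs (Definition 2). Representation and names are assumptions.

def graph(nodes, edges):
    """edges maps an edge id to (source, target, label)."""
    return {"V": set(nodes), "E": dict(edges)}


def find_morphism(X, A):
    """Return (phi_V, phi_E) for some graph morphism X -> A, or None."""
    nodes = sorted(X["V"])
    targets = sorted(A["V"])
    # For each (source, target, label) triple occurring in A, keep one edge of A.
    realised = {}
    for edge, triple in sorted(A["E"].items()):
        realised.setdefault(triple, edge)

    def consistent(phi_v):
        # Every edge of X with both endpoints mapped needs an image in A
        # with matching source, target and label.
        return all(
            (phi_v[s], phi_v[t], lab) in realised
            for (s, t, lab) in X["E"].values()
            if s in phi_v and t in phi_v
        )

    def extend(i, phi_v):
        # Backtracking over node images; prune as soon as an edge has no image.
        if i == len(nodes):
            return dict(phi_v)
        for a in targets:
            phi_v[nodes[i]] = a
            if consistent(phi_v):
                found = extend(i + 1, phi_v)
                if found is not None:
                    return found
            del phi_v[nodes[i]]
        return None

    phi_v = extend(0, {})
    if phi_v is None:
        return None
    phi_e = {e: realised[(phi_v[s], phi_v[t], lab)]
             for e, (s, t, lab) in X["E"].items()}
    return phi_v, phi_e


def in_language(X, A):
    """X ∈ L(A): there exists an arrow X ⇢ A."""
    return find_morphism(X, A) is not None


# Constructed sample graphs.
LOOP = graph({"s"}, {"l": ("s", "s", "a")})        # one summary node with an a-loop
ARROW = graph({"u", "v"}, {"k": ("u", "v", "a")})  # a single a-edge, no loop
CHAIN = graph({"x0", "x1", "x2"},
              {"e0": ("x0", "x1", "a"), "e1": ("x1", "x2", "a")})
B_EDGE = graph({"y0", "y1"}, {"f": ("y0", "y1", "b")})

if __name__ == "__main__":
    for name, X in [("CHAIN", CHAIN), ("B_EDGE", B_EDGE), ("ARROW", ARROW)]:
        print(name, "in L(LOOP):", in_language(X, LOOP),
              "| in L(ARROW):", in_language(X, ARROW))
```

The single a-loop abstracts every graph whose edges are all labelled a, while the loop-free ARROW graph does not abstract the two-edge chain, because the middle node would need two different images.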

Materialization
Given a production p∶ L ↢ I ↣ R, an abstract object A, and a (possibly non-monic) arrow ϕ∶ L → A, we want to transform the abstract object A in order to characterize all successors of objects in L(A), i.e., those obtained by rewriting via p at a match compatible with ϕ. (Note that requiring ϕ to be monic is not sound, since the left-hand side of p could be "folded" or "fused" in the abstraction.) Roughly, we want to lift DPO rewriting to the level of abstract objects.
For this, it is necessary to use the materialization construction, defined categorically in Sec. 3.1, that enables us to concretize an instance of a left-hand side in a given abstract object. This construction is refined in Sec. 3.2 where we restrict to materializations that satisfy the gluing condition and can thus be rewritten via p. Finally in Sec. 3.3 we present the main result about materializations showing that we can fully characterize the co-matches obtained by rewriting.

Materialization Category and Existence of Materialization
From now on we assume C to be an elementary topos. We will now define the materialization, which, given an arrow ϕ∶ L → A, characterizes all objects X, abstracted over A, which contain a (mono) occurrence of the left-hand side compatible with ϕ.

Definition 7 (Materialization). Let ϕ∶ L → A be an arrow in C.
The materialization category for ϕ, denoted Mat_ϕ, has as objects all factorizations L ↣ X → A of ϕ whose first factor L ↣ X is a mono, and as arrows from a factorization L ↣ X → A to another one L ↣ Y → A, all arrows f∶ X → Y in C such that the diagram to the right comprises a commutative triangle and a pullback square.
If Mat_ϕ has a terminal object it is denoted by L ↣ ⟨ϕ⟩ → A and is called the materialization of ϕ.
Sometimes we will also call the object ⟨ϕ⟩ the materialization of ϕ, omitting the arrows. Since we are working in a topos by assumption, the slice category over A provides us with a convenient setting to construct materializations. Note in particular that in the diagram in Def. 7 above, the span X ↢ L ↣ L is a partial map from X to L in the slice category over A. Hence the materialization ⟨ϕ⟩ corresponds to the partial map classifier for L in this slice category.
Proposition 8 (Existence of materialization). Let ϕ∶ L → A be an arrow in C, and let η_ϕ∶ ϕ → F(ϕ), with F(ϕ)∶ Ā → A, be the partial map classifier of ϕ in the slice category C↓A (which also is a topos). Then
As a direct consequence of Prop. 4 and Prop. 8 (and the fact that final pullback complements in the slice category correspond to those in the base category [26]), the terminal object of the materialization category can be constructed for each arrow of a topos by taking final pullback complements.

Corollary 9 (Construction of the materialization). Let ϕ∶ L → A be an arrow of C and let true
Then the terminal object L ↣ ⟨ϕ⟩ → A (with arrows η_ϕ∶ L ↣ ⟨ϕ⟩ and ψ∶ ⟨ϕ⟩ → A) in the materialization category consists of the arrows η_ϕ and In particular, the materialization is obtained as a final pullback complement as depicted to the right (compare with the corresponding diagram in Corollary 9). Note that edges which are not in the image of η_ϕ resp. true_A are dashed.
This construction corresponds to the usual intuition behind materialization: the left-hand side and the edges that are attached to it are "pulled out" of the given abstract graph. The concrete construction in the category Graph is spelled out in App. C.
We can summarize the result of our constructions in the following proposition:
Proposition 11 (Language of the materialization). Let ϕ∶ L → A be an arrow in C and let L ↣ ⟨ϕ⟩ → A (with first arrow η_ϕ) be the corresponding materialization. Then we have

Characterizing the Language of Rewritable Objects
A match obtained through the materialization of the left-hand side of a production from a given object may not allow a DPO rewriting step because of the gluing condition. We illustrate this problem with an example. Nevertheless there exist factorizations L ↣ X → A abstracted by ⟨ϕ⟩ that could be rewritten using the production.
In order to take the existence of pushout complements into account, we consider a subcategory of the materialization category.
Definition 13 (Materialization subcategory of rewritable objects). Let ϕ∶ L → A be an arrow of C and let ϕ_L∶ I ↣ L be a mono (corresponding to the left leg of a production). The materialization subcategory of rewritable objects for ϕ and ϕ_L, denoted Mat_ϕ^{ϕ_L}, is the full subcategory of Mat_ϕ containing as objects all factorizations L ↣ X → A of ϕ, where m∶ L ↣ X is a mono and ↣ ⟪ϕ, ϕ_L⟫ → A and is called the rewritable materialization.
We will show that this subcategory of the materialization category has a terminal object.
Proposition 14 (Construction of the rewritable materialization). Let ϕ∶ L → A be an arrow and let ϕ_L∶ I ↣ L be a mono of C. Then the rewritable materialization of ϕ w.r.t. ϕ_L exists and can be constructed as the following factorization
Example 15. We come back to the running example (see Ex. 12) and, as in Prop. 14, determine the final pullback complement I ↣ F ↣ ⟨ϕ⟩ of I
It remains to be shown that L ↣ ⟪ϕ, ϕ_L⟫ → A represents every factorization which can be rewritten. As before we obtain a characterization of the rewritable objects, including the match, as the language of an arrow.
Proposition 16 (Language of the rewritable materialization). Assume there is a production p∶ L ↣ ⟪ϕ, ϕ_L⟫ be the match for the rewritable materialization for ϕ and ϕ_L. Then we have

Rewriting Materializations
In the next step we will now rewrite the rewritable materialization ⟪ϕ, ϕ_L⟫ with the match n_L∶ L ↣ ⟪ϕ, ϕ_L⟫, resulting in a co-match R ↣ B. In particular, we will show that this co-match represents all co-matches that can be obtained by rewriting an object X of L(A) at a match compatible with ϕ. We first start with an example.
Example 17. We can rewrite the materialization L ↣ ⟪ϕ, ϕ_L⟫ → A as follows:
Proposition 18 (Rewriting abstract matches). Let a match n_L∶ L ↣ Ã and a production p∶ L ↢ I ↣ R be given. Assume that Ã is rewritten along the match n_L, i.e., (L
If we combine Prop. 16 and Prop. 18, we obtain the following corollary that characterizes the co-matches obtained from rewriting a match compatible with ϕ∶ L → A.
Corollary 19 (Co-match language of the rewritable materialization). Let ϕ∶ L → A and a production p∶ L ↣ R be given. Assume that ⟪ϕ, ϕ_L⟫ is obtained as the rewritable materialization of ϕ and ϕ_L with match
This result does not yet enable us to construct post-conditions. While the set of co-matches is fully characterized, this can only be achieved by fixing the right-hand side R and thus ensuring that exactly one occurrence of R is represented. However, as soon as we forget about the co-match, this effect is gone and can only be retrieved by adding annotations, which will be introduced next.

Annotated Objects
We now endow objects with annotations, thus making object languages more expressive. In particular we will use ordered monoids in order to annotate objects. Similar annotations have already been studied in [21] in the context of type systems and in [10] with the aim of studying decidability and closure properties, but not for abstract rewriting.
Definition 20 (Ordered monoid). An ordered monoid (M, +, ≤) consists of a set M, a partial order ≤ and a binary operation + such that (M, +) is a monoid with unit 0 (which is the bottom element w.r.t. ≤) and the partial order is compatible with the monoid operation. In particular a ≤ b implies a + c ≤ b + c and c + a ≤ c + b for all a, b, c ∈ M. An ordered monoid is commutative if + is commutative.
A tuple (M, +, −, ≤), where (M, +, ≤) is an ordered monoid and − is a binary operation on M, is called an ordered monoid with subtraction.
We say that subtraction is well-behaved whenever for all a, b ∈ M it holds that a − a = 0 and (a − b) + b = a whenever b ≤ a.
For now subtraction is just any operation, without specific requirements. Later we will concentrate on specific subtraction operations and demand that they are well-behaved.
In the following we will consider only commutative monoids.
The category of ordered monoids with subtraction and monotone maps is called Mon.
A monotone map h is called a homomorphism if h(0) = 0 and h(a + b) = h(a) + h(b). If M_1, M_2 are ordered monoids with subtraction, we say that h preserves subtraction if
Example 22. Let n ∈ N ∖ {0} and take M_n = {0, 1, …, n, *} (zero, one, …, n, many) with 0 ≤ 1 ≤ ⋯ ≤ n ≤ * and addition as (commutative) monoid operation with the proviso that a + b = * if the sum is larger than n. In addition a + * = * for all a ∈ M_n. Subtraction is truncated subtraction where a − b = 0 if a ≤ b. Furthermore * − a = * for all a ∈ N. It is easy to see that subtraction is well-behaved.
Given a set S and an ordered monoid (with subtraction) M, it is easy to check that also M^S is an ordered monoid (with subtraction), where the elements are functions from S to M and the partial order, the monoidal operation and the subtraction are taken pointwise.
The following path monoid is useful if we want to annotate a graph with information about which paths are present. Note that due to the fusion of nodes and edges caused by the abstraction, a path in the abstract graph does not necessarily imply the existence of a corresponding path in a concrete graph. Hence annotations based on such a monoid, which provide information about the existence of paths, can yield useful additional information.
Example 23. Given a graph G, we denote by The path monoid P_G of G has the carrier set P(E^+_G). The partial order is simply inclusion and the monoid operation is defined as follows: given P_0, P_1 ∈ P_G, we have That is, new paths can be formed by concatenating alternating path fragments from P_0, P_1. It is easy to see that + is commutative and one can also show associativity. P = ∅ is the unit. Subtraction simply returns the first parameter: P_0 − P_1 = P_0.
We will now formally define annotations for objects via a functor from a given category to Mon.
Definition 24 (Annotations for objects). Given a category C and a functor A∶ C → Mon, an annotation based on A for an object X ∈ C is an element a ∈ A(X). We write A_ϕ, instead of A(ϕ), for the action of functor A on a C-arrow ϕ. We assume that for each object X there is a standard annotation based on A that we denote by s_X, thus s_X ∈ A(X).
It can be shown quite straightforwardly that the forgetful functor mapping an annotated object X[a], with a ∈ A(X), to X is an op-fibration (or co-fibration [19]), arising via the Grothendieck construction.
Our first example is an annotation of graphs with global multiplicities, counting nodes and edges, where the action of the functor is to sum up those multiplicities.
Therefore an annotation based on a functor B_n associates every item of a graph with a number (or the top value *). We will call such annotations multiplicities. Furthermore the action of the functor on a morphism transforms a multiplicity by summing up (in M_n) the values of all items of the source graph that are mapped to the same item of the target graph.
For a graph G, its standard multiplicity s_G ∈ B_n(G) is defined as the function which maps every node and edge of G to 1.
As another example we consider local annotations which record the out-degree of a node and where the action of the functor is to take the supremum instead of the sum.
Example 26. Given n ∈ N ∖ {0}, we define the functor S_n∶ Graph → Mon as follows: For a graph G, its standard annotation s_G ∈ S_n(G) is defined as the function which maps every node of G to its out-degree (or * if the out-degree is larger than n).
Finally, we consider annotations based on the path monoid (see Ex. 23).
Example 27. We define the functor T∶ Graph → Mon as follows: For every graph G, T(G) = P_G. For every graph morphism ϕ∶ G → H and P ∈ T(G), we have T_ϕ(P) ∈ P_H with: For a graph G, its standard annotation s_G ∈ T(G) is the transitive closure of the edge relation, i.e., s_G = E^+_G.
In the following we will consider only annotations satisfying certain properties in order to achieve soundness and completeness.
Definition 28 (Properties of annotations). Let A∶ C → Mon be an annotation functor, together with standard annotations. In this setting we say that
• the homomorphism property holds if whenever ϕ is a mono, then A_ϕ is a monoid homomorphism, preserving also subtraction.
• the adjunction property holds if whenever ϕ∶ A ↣ B is a mono, then
  • it holds that red_ϕ(s_B) = s_A, where s_A, s_B are standard annotations.
Furthermore, assuming that A_ϕ has a right adjoint red_ϕ, we say that
• the pushout property holds, whenever for each pushout as shown in the diagram to the right, with all arrows monos where η = ψ_1 ○ ϕ_1 = ψ_2 ○ ϕ_2, it holds that for every d ∈ A(D): We say that the pushout property for standard annotations holds if we replace d by s_D, red_η(d) by s_A, red_{ψ_1}(d) by s_B and red_{ψ_2}(d) by s_C.
• the Beck-Chevalley property holds if whenever the square shown to the right is a pullback with ϕ_1, ψ_2 mono, then it holds for every b ∈ A(B) that
Note that the annotation functor from Ex. 25 satisfies all properties above, whereas the functors from Ex. 26 and 27 satisfy both the homomorphism property and the pushout property for standard annotations, but do not satisfy all the remaining requirements (see Lem. 49, 50 and 51 in App. D).
We will now introduce objects with two annotations, giving lower and upper bounds.
Definition 29 (Doubly annotated object). Given a topos C and a functor The language of a doubly annotated object A[a_1, a_2] (also called the language of objects which are abstracted by A[a_1, a_2]) is defined as follows: Note that legal arrows are closed under composition [9]. Examples of doubly annotated objects are given in Ex. 36 for global annotations from Ex. 25 (providing upper and lower bounds for the number of nodes resp. edges in the preimage of a given element). Graph elements without annotation are annotated by [0, *] by default.
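The monoid M_n of Example 22, the action of the multiplicity functor B_n on a morphism, and the lower and upper bounds of Definition 29, as an added Python example (not code from the paper): it checks the laws of Definition 20 exhaustively and pushes the standard multiplicity of a concrete graph along a morphism into an abstract graph. The class and function names, the single-dictionary encoding of a morphism, the sample graphs and the pointwise interval check within_bounds (one reading of "upper and lower bounds for the number of nodes resp. edges in the preimage") are assumptions of this example.

```python
from itertools import product

STAR = "*"  # the element "many" of M_n


class Mn:
    """Ordered monoid with subtraction M_n = {0, 1, ..., n, *} (Example 22)."""

    def __init__(self, n):
        if n < 1:
            raise ValueError("n must be a positive natural number")
        self.n = n

    def elements(self):
        return list(range(self.n + 1)) + [STAR]

    def leq(self, a, b):
        # 0 <= 1 <= ... <= n <= *
        return b == STAR or (a != STAR and a <= b)

    def add(self, a, b):
        # Addition saturates: anything involving * or exceeding n is *.
        if a == STAR or b == STAR or a + b > self.n:
            return STAR
        return a + b

    def sub(self, a, b):
        # Truncated subtraction: a - b = 0 if a <= b, and * - a = * for numbers a.
        if self.leq(a, b):
            return 0
        return STAR if a == STAR else a - b


def subtraction_well_behaved(M):
    """a - a = 0 and (a - b) + b = a whenever b <= a, checked exhaustively."""
    return all(
        M.sub(a, a) == 0 and (not M.leq(b, a) or M.add(M.sub(a, b), b) == a)
        for a, b in product(M.elements(), repeat=2)
    )


def order_compatible(M):
    """a <= b implies a + c <= b + c (Definition 20), checked exhaustively."""
    return all(
        not M.leq(a, b) or M.leq(M.add(a, c), M.add(b, c))
        for a, b, c in product(M.elements(), repeat=3)
    )


def is_morphism(G, H, phi):
    """Definition 2: phi maps nodes and edges, preserving source, target, label."""
    if any(phi.get(v) not in H["V"] for v in G["V"]):
        return False
    for e, (s, t, lab) in G["E"].items():
        if phi.get(e) not in H["E"] or H["E"][phi[e]] != (phi[s], phi[t], lab):
            return False
    return True


def standard_multiplicity(G):
    """s_G maps every node and edge of G to 1."""
    return {item: 1 for item in list(G["V"]) + list(G["E"])}


def push_forward(M, phi, mult, H):
    """Action of B_n on phi: sum (in M_n) the values of all items of the
    source graph that are mapped to the same item of the target graph H."""
    out = {item: 0 for item in list(H["V"]) + list(H["E"])}
    for item, value in mult.items():
        out[phi[item]] = M.add(out[phi[item]], value)
    return out


def within_bounds(M, lower, value, upper):
    """Assumed reading of the bounds [a_1, a_2]: lower <= value <= upper pointwise."""
    return all(M.leq(lower[i], value[i]) and M.leq(value[i], upper[i])
               for i in value)


# Constructed sample: a chain of three nodes collapsed onto one summary node.
# Node and edge names are chosen disjoint so one dictionary can hold the morphism.
CHAIN = {"V": {"x0", "x1", "x2"},
         "E": {"e0": ("x0", "x1", "a"), "e1": ("x1", "x2", "a")}}
LOOP = {"V": {"s"}, "E": {"l": ("s", "s", "a")}}
COLLAPSE = {"x0": "s", "x1": "s", "x2": "s", "e0": "l", "e1": "l"}

if __name__ == "__main__":
    M = Mn(2)
    assert is_morphism(CHAIN, LOOP, COLLAPSE)
    print(push_forward(M, COLLAPSE, standard_multiplicity(CHAIN), LOOP))
```

With n = 2 the three nodes of the chain sum to * on the summary node while the two edges sum to 2 on the loop, so the chain fits the bounds [1, *] on the node but not an upper bound of 2.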

Definition 30 (Isomorphism property). An annotation functor A∶ C → Mon, together with standard annotations, satisfies the isomorphism property if the following holds: whenever

Abstract Rewriting of Annotated Objects
We will now show how to actually rewrite annotated objects. The challenge is both to find suitable annotations for the materialization and to "rewrite" the annotations.

Abstract Rewriting and Soundness
We first describe how the annotated rewritable materialization is constructed and then we investigate its properties.

Definition 31 (Construction of annotated rewritable materialization
↣ R be a production and let A[a_1, a_2] be a doubly annotated object. Furthermore let ϕ∶ L → A be an arrow.
We first construct the factorization obtaining the rewritable materialization ⟪ϕ, ϕ_L⟫ from Def. 13. Next, let M contain all maximal⁵ elements of the set Then the doubly annotated objects ⟪ϕ, Note that in general there can be several such materializations, differing by the annotations only, or possibly none. The definition of M ensures that the upper bound a′_2 of the materialization covers the annotations arising from the left-hand side. We cannot use a corresponding condition for the lower bound, since the materialization might contain additional structures, hence the arrow n_L is only "semi-legal". A more symmetric condition will be studied in Sec. 5.2.
Proposition 32 (Annotated rewritable materialization is terminal). Given a production p∶ L → A the corresponding rewritable materialization. Then there exists an arrow ζ_A and a pair of annotations (a′_1, a′_2) ∈ M for ⟪ϕ, ϕ_L⟫ (as described in Def. 31) such that the diagram below commutes and the square is a pullback in the underlying category. Furthermore the triangle consists of legal arrows. This means in particular that ζ_A is legal.
Having performed the materialization, we will now show how to rewrite annotated objects. Note that we cannot simply take pushouts in the category of annotated objects and legal arrows, since this would result in taking the supremum of annotations, when instead we need the sum (subtracting the annotation of the interface I, analogous to the inclusion-exclusion principle).
⁵ "Maximal" means maximality with respect to the interval order (a_1, a_2)
Definition 33 (Abstract rewriting step ↝). Let p∶ L ↣ R be a production and let A[a_1, a_2] be an annotated abstract object. Furthermore let ϕ∶ L → A be a match of a left-hand side, let n_L∶ L ↣ ⟪ϕ, ϕ_L⟫ be the match obtained via materialization and let where c_1, c_2 are maximal annotations such that: In this case we write
We will now show soundness of abstract rewriting, i.e., whenever an object X is abstracted by A[a_1, a_2] and X is rewritten to Y, then there exists an abstract rewriting
Assumption: In the following we will require that the homomorphism property as well as the pushout property for standard annotations hold (cf. Def. 28).
Proposition 34 (Soundness for ↝).Relation ↝ is sound in the following sense: Let

Completeness
The conditions on the annotations that we imposed so far are too weak to guarantee completeness, that is, the fact that every object represented by B[b_1, b_2] can be obtained by rewriting an object represented by A[a_1, a_2]. This can be clearly seen by the fact that the requirements hold also for the singleton monoid and, as discussed before, the graph structure of B is insufficient to characterize the successor objects or graphs.
Hence we will now strengthen our requirements in order to obtain completeness.
Assumption: In addition to the assumptions of Sec. 5.1, we will need that subtraction is well-behaved and that the adjunction property, the pushout property, the Beck-Chevalley property (Def. 28) and the isomorphism property (Def. 30) hold.
The global annotations from Ex. 25 satisfy all these properties. In particular, given an injective graph morphism ϕ∶ G ↣ H the right adjoint ), i.e., red_ϕ simply provides a form of reindexing (see also Lem. 49 in App. D). We will now modify the abstract rewriting relation and allow only those abstract annotations for the materialization that reduce to the standard annotation of the left-hand side.
via the construction described in Def. 31 and 33, with the modification that the set of annotations from which the set of maximal annotations M of the materialization ⟪ϕ, ϕ_L⟫ are taken, is replaced by: In this case we write Due to the adjunction property we have )) ≤ a′_2 and hence the set M of annotations of Def. 35 is a subset of the corresponding set of Def. 33.
Example 36. We give a small example of an abstract rewriting step (a more extensive, worked example can be found in App. B). Elements without annotation are annotated by [0, *] by default and those with annotation [0, 0] are omitted. Furthermore elements in the image of the match and co-match are annotated by the standard annotation [1, 1] to specify the concrete occurrence of the left-hand and right-hand side.
The variant of abstract rewriting introduced in Def. 35 can still be proven to be sound, assuming the extra requirements stated above.
Proposition 37 (Soundness for ↪). Relation ↪ is sound in the sense of Prop. 34.
Using the assumptions we can now show completeness.
Finally, we can show that annotated graphs of this kind are expressive enough to construct a strongest post-condition. If we allowed several annotations for objects, as in [9], we could represent the language with a single (multiply) annotated object.
Corollary 39 (Strongest post-condition). Let A[a_1, a_2] be an annotated object and let ϕ∶ L → A. We obtain (several) abstract rewriting steps , where we always obtain the same object B. (B is dependent on ϕ, but not on the annotation.)

Conclusion
We have described a rewriting framework for abstract graphs that also applies to objects in any topos, based on existing work for graphs [33,4,1,2,30,29]. In particular, we have given a blueprint for materialization in terms of the universal property of partial map classifiers. This is a first theoretical milestone towards shape analysis as a general static analysis method for rule-based systems with graph-like objects as states. Soundness and completeness results for the rewriting of abstract objects with annotations in an ordered monoid provide an effective verification method for the special case of graphs (see also App. B). We plan to implement the materialization construction and the computation of rewriting steps of abstract graphs in a prototype tool.
The extension of annotations with logical formulas is the natural next step, which will lead to a more flexible and versatile specification language, as described in previous work [32,33]. The logic can possibly be developed in full generality using the framework of nested application conditions [18,24] that applies to objects in adhesive categories. This logical approach might even reduce the proof obligations for annotation functors. Another topic for future work is the integration of widening or similar approximation techniques, which collapse abstract objects and ideally lead to finite abstract transition systems that (over-)approximate the typically infinite transition systems of graph transformation systems.

A Definitions and Results about Topoi
In this section, we present some known definitions and results related to elementary topoi, for the convenience of the reader.
Definition 40 (Subobject classifier). Let C be a category where 1 is the terminal object and for each object X ∈ C let !_X∶ X → 1 be the unique arrow from X into the terminal object. A mono true∶ 1 ↣ Ω is a subobject classifier if for every mono i∶ X ↣ Y in C there exists a unique arrow χ_i∶ Y → Ω such that the diagram to the right is a pullback. In this case object Ω is called the truth value object.
In Set the subobject classifier true is simply the embedding of {1} into the two-element set {0, 1}. A subset X ⊆ Y can be characterized via its characteristic function The notion of elementary topos [20] is used in logic and it abstracts from the structure of the category of sets.
Definition 41 (Elementary topos).An elementary topos is a category which has finite limits, is cartesian closed and has a subobject classifier.
We will often omit the qualifier "elementary" and simply talk about topoi. Every elementary topos has so-called partial map classifiers [7].
In Set the functor F enriches each set Y with an additional element ⋆, i.e., F(Y) = Y + {⋆}. Then a partial map p∶ X ⇀ Y corresponds to a total map The partial map classifier object F(H) alongside the component of the natural transformation η_H∶ H ↣ F(H) is depicted below:
We will now consider slice categories in connection with subobject classifiers.
Definition 44 (Slice category). The slice category C ↓ A of a category C over an object A ∈ C has the arrows The existence of a subobject classifier in a slice category over a topos directly follows from the following theorem [27].
Theorem 45 (Slice category over a topos is a topos [27]).For any object A in a topos C, the slice category C ↓ A of objects over A is also a topos.
In particular, the subobject classifier in the slice category can be constructed as follows.
Fact 46 (Subobject classifier in slice category [27]) Let C be a topos with subobject classifier true∶ 1 ↣ Ω and truth value object Ω.For any object A ∈ C let A × Ω be the product with projections π 1 ∶ A × Ω → A and π 2 ∶ A × Ω → Ω.Then a subobject classifier true A of the slice category C ↓ A is the unique mono true A ∶ A ↣ A × Ω such that the diagram to the right commutes.
Example 47.In order to provide an example for a subobject classifier in a slice category, we consider again the category Graph.Let A = be the base graph for the slice category Graph ↓ A of graph morphisms into A. The subobject classifier true A ∶ A ↣ A × Ω for this slice category is the following graph morphism:

B Worked Example
In the following, we give an example for the computation of a postcondition. We specify an online-shop scenario using an annotated abstract graph with the following edge label semantics:
C∶ The connection of a customer node to the online-shop.
M∶ The market relation describing which items are purchasable in the shop.
P∶ The possession relation describing which items are purchased by a customer.
$∶ One $-coin of the currency used by customers to buy items in the shop.
Now, we would like to model the following situation: Exactly one of many customers has established a connection to an online-shop. At least one of the customers has a $-coin to purchase items and the online-shops have an arbitrary number of items available. A customer can be in possession of an arbitrary number of items. Graphs modelling this specification can for instance be part of the language described by the following annotated abstract graph A[a_1, a_2]:
The following graph transformation production ρ∶ L ↢ I ↣ R specifies that a customer who is in possession of at least one $-coin and who is connected to the online shop can purchase one of the items in stock in exchange for the currency. The production morphisms are indicated by the node positions:
Please note that there exists only one possibility to map the left-hand side graph L of the production ρ into the abstract graph A.
We now depict the rewritable abstract graph ⟪ϕ, ϕ_L⟫[a′_1, a′_2] consisting of the abstract graph A (upper part), the left-hand side graph L (lower part) and the additional edges introduced in the construction of Prop. 14 alongside a maximal pair of annotations (a′_1, a′_2) ∈ M conforming to Definition 35:
annotated with [0, 0] cannot be the target of a legal morphism and therefore can be removed to simplify the graphical representation. If a node annotated with [0, 0] is removed this way, all incident edges are removed as well independently of their annotation. We apply the production ρ to the simplified rewritable abstract graph ⟪ϕ,
We can use the postcondition for an invariant check of the graph language L(A[a_1, a_2]) with respect to the production ρ.

C Construction of the Materialization in the Category of Graphs
In this chapter, we specify the concrete construction of the terminal object L ↣ ⟨ϕ⟩ → A in the materialization category for the base category Graph. Afterwards we prove that our construction is correct.
Definition 48 (Construction of the materialization). Let L = (V_L, E_L, src_L, tgt_L, L) and A = (V_A, E_A, src_A, tgt_A, A) be two graphs over a given edge label alphabet Λ and let ϕ∶ L → A be a fixed graph morphism. First we define the function ψ_V∶ (V_L ⊍ V_A) → V_A which maps the nodes of L and A to the nodes of A with respect to ϕ:
We construct ⟨ϕ⟩ = (V, E, src, tgt, ) in the following way:
This concludes the construction of the graph ⟨ϕ⟩. We now define the embedding graph morphism α∶ L → ⟨ϕ⟩ where α(x) = x to get the diagram shown to the right.

To get a valid factorization L ↣ ⟨ϕ⟩ → A of ϕ, we define the morphism ψ∶ ⟨ϕ⟩ → A with ψ = (ψ_V, ψ_E) where ψ_E∶ E → E_A is given by:
Note that since β is an injection, the element β^{−1}(x) is unique whenever x is in the image of β.
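The node component of Definition 48 and the terminality property proved for it can be checked by brute force on a small instance. The following is an added example, not code from the paper: it is restricted to discrete graphs (node sets only), the sample sets and all function names are constructed for illustration, and the mediating map follows the case split used in the proof (elements in img(β) go through α, all others through γ ○ g).

```python
from itertools import product

# Constructed sample data: phi sends both nodes of L to the same node of A.
L_NODES = ["l1", "l2"]
A_NODES = ["a", "b"]
PHI = {"l1": "a", "l2": "a"}
# A constructed factorization L >-beta-> G -g-> A of phi (g . beta = phi).
G_NODES = ["x1", "x2", "x3", "x4"]
BETA = {"l1": "x1", "l2": "x2"}
G_MAP = {"x1": "a", "x2": "a", "x3": "a", "x4": "b"}


def materialize(l_nodes, a_nodes, phi):
    """Node part of <phi>: the disjoint union of L and A (tags keep it disjoint)."""
    carrier = [("L", x) for x in l_nodes] + [("A", y) for y in a_nodes]
    alpha = {x: ("L", x) for x in l_nodes}      # embedding of L
    gamma = {y: ("A", y) for y in a_nodes}      # embedding of A, image disjoint from alpha's
    psi = {("L", x): phi[x] for x in l_nodes}   # psi . alpha = phi
    psi.update({("A", y): y for y in a_nodes})  # psi . gamma = id
    return carrier, alpha, gamma, psi


def is_factorization(l_nodes, beta, g, phi):
    """beta must be injective and g . beta must equal phi."""
    injective = len(set(beta.values())) == len(beta)
    return injective and all(g[beta[x]] == phi[x] for x in l_nodes)


def mediating(g_nodes, beta, g, alpha, gamma):
    """f(x) = alpha(beta^-1(x)) on img(beta), and gamma(g(x)) everywhere else."""
    beta_inv = {image: x for x, image in beta.items()}
    return {x: alpha[beta_inv[x]] if x in beta_inv else gamma[g[x]]
            for x in g_nodes}


def is_pullback_mediator(f, g_nodes, l_nodes, beta, g, alpha, psi):
    """psi . f = g, f . beta = alpha, and f hits img(alpha) only from img(beta)."""
    img_alpha, img_beta = set(alpha.values()), set(beta.values())
    commutes = all(psi[f[x]] == g[x] for x in g_nodes)
    extends = all(f[beta[x]] == alpha[x] for x in l_nodes)
    reflects = all(f[x] not in img_alpha for x in g_nodes if x not in img_beta)
    return commutes and extends and reflects


def all_mediators(g_nodes, carrier, l_nodes, beta, g, alpha, psi):
    """Enumerate every total map G -> <phi> and keep those passing the check."""
    found = []
    for values in product(carrier, repeat=len(g_nodes)):
        f = dict(zip(g_nodes, values))
        if is_pullback_mediator(f, g_nodes, l_nodes, beta, g, alpha, psi):
            found.append(f)
    return found


if __name__ == "__main__":
    carrier, alpha, gamma, psi = materialize(L_NODES, A_NODES, PHI)
    f = mediating(G_NODES, BETA, G_MAP, alpha, gamma)
    print("mediating map:", f)
    print("unique:", all_mediators(G_NODES, carrier, L_NODES, BETA,
                                   G_MAP, alpha, psi) == [f])
```

Although ϕ merges l1 and l2, they stay distinct in ⟨ϕ⟩; when g ○ β ≠ ϕ the enumeration finds no mediating map at all.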
We will next prove that f preserves the structure of G, i.e., that it is a well-defined graph morphism. We need to prove that the following three properties hold for every edge x ∈ E_G:
There are the following two cases:
Case 1: Suppose x ∈ img(β). Then there exists y ∈ L such that x = β_E(y). In this case we obtain
The case of the target function (tgt) is equivalent to the source function (src).
Case 2: Whenever x ∉ img(β), we get that
Since x ∉ img(β) we obtain the following equations:
Again, the case of the target function is equivalent to the case of the source function. Therefore f∶ G → ⟨ϕ⟩ is a graph morphism.
We now prove that the following three properties hold for f:
Properties (8) and (9) together ensure that every element of img(α) has a unique preimage under f, which, together with the commutativity of the square, guarantees that it is a pullback.
Proof of (7): Assume x ∈ img(β). Since ψ ○ α = ϕ = g ○ β we get:
Assume x ∉ img(β). Then x is either a node or an edge of G. First we assume that x ∈ V_G and x ∉ img(β_V). Since ψ_V ○ γ_V = id_V we get:
Proof of (8): Since β is a mono, we get that for all x ∈ L, there exists a unique y ∈ img(β) such that β(x) = y and β^{−1}(y) = x. By the construction of f, the following equation holds:
Proof of (9): Let x ∈ G be given and x ∉ img(β). Then x is either a node or an edge of G. First we assume that x ∈ V_G. Then f_V(x) = γ_V ○ g_V(x). By the construction of ⟨ϕ⟩ it follows that img(α) ∩ img(γ) = ∅ and therefore we get that f_V(x) ∉ img(α).

Now assume x ∈ E . By the construction of ⟨ϕ⟩ we have that all edges of E_⟨ϕ⟩ are either of the form (e, s, t, l), with (e, s, t, l) ∉ img(α) or an edge from E_L and therefore in img(α). We get that f_E(x) ∉ img(α).
To prove that f is unique, we show that any other morphism f′∶ G → ⟨ϕ⟩, satisfying the properties (7), (8) or (9), equals f. We show equality by checking that f(x) = f′(x) for all x ∈ G.
Case 1: Suppose x ∈ img(β). Then there exists an element y ∈ L such that β(y) = x and we obtain:
Case 2: Suppose x ∉ img(β) and x is a node of G (e.g. , we would get that x ∈ img(β_V), due to property (9), which is a contradiction. We can hence conclude that f′ , and furthermore:
Case 3: Suppose x ∉ img(β) and x is an edge of G (e.g. , we would get that x ∈ img(β_E), due to property (9), which is a contradiction. We can hence conclude that f′_E(x) ∈ E_A, which implies that f_E(x) must be of the form (e, s, t, l) ∈ E_⟨ϕ⟩. We will now show that
Hence the graph morphism f∶ G → ⟨ϕ⟩ exists and it is unique for all factorizations
The following result is known, we give the proof sketch for the convenience of the reader, since the construction plays an important role in this paper.
Let C be a category with finite limits. Then the following are equivalent:
(1) C has a subobject classifier true∶ 1 ↣ Ω and final pullback complements for each pair of arrows
(2) C has a partial map classifier
Proof (Sketch). We just report the corresponding constructions from [13], omitting the proofs of the relevant properties.
← F(I). It is easy to see that there is an induced mono (mediating arrow) n∶ I ↣ P and it can be shown that

D.2 Materialization
Proposition 8 (Existence of materialization in a topos). Let ϕ∶ L → A be an arrow in C, and let η_ϕ∶ ϕ → F(ϕ), with F(ϕ)∶ Ā → A, be the partial map classifier of ϕ in the slice category C ↓ A (which also is a topos). Then is the component of the partial map classifier, there exists a unique arrow ϕ(m, id_L)∶ X → ⟨ϕ⟩ from α∶ X → A to F(ϕ)∶ ⟨ϕ⟩ → A for which the left square in the following diagram is a pullback and the right triangle commutes. The latter holds since ϕ(m, id_L) is an arrow in the slice category.
Proof. Straightforward from Propositions 4 and 8 (and the fact that final pullback complements in the slice category correspond to those in the base category [26]). ⊓⊔
Proposition 11 (Language of the materialization). Let ϕ∶ L → A be an arrow in C and let L -η_ϕ↣ ⟨ϕ⟩ → A be the corresponding materialization. Then we have
Proof. We show that the two sets are included into each other: Spelling out Definition 6 we obtain the following commuting diagram where the square is a pullback:
Then we define ψ = g ○ f∶ X → A and observe that the following equation holds:
↣ X be a factorization of the C-arrow ϕ∶ L → A, i.e., there exists an arrow ψ∶ X → A such that ϕ = ψ ○ m_L. By terminality of the materialization L -η_ϕ↣ ⟨ϕ⟩ → A there exists an arrow X → ⟨ϕ⟩ such that the following diagram commutes and the square is a pullback:
Proposition 14 (Construction of the rewritable materialization). Let ϕ∶ L → A be an arrow and let ϕ_L∶ I ↣ L be a mono of C. Then the rewritable materialization of ϕ w.r.t. ϕ_L exists and can be constructed as the following factorization (12)
Proof. First note that in diagram (11), F is obtained as the final pullback complement of I -ϕ_L↣ L ↣ ⟨ϕ⟩, where L ↣ ⟨ϕ⟩ -ψ→ A is the materialization of ϕ (Def. 7). Arrow I ↣ F is monic because it is reflected, while F ↣ ⟨ϕ⟩ is monic by properties of final pullback complements since ϕ_L∶ I ↣ L is monic (see [8]).
Next in diagram (12) Since the right square is a pushout and the outer square commutes, there is a unique arrow α∶ ⟪ϕ, ϕ_L⟫ → ⟨ϕ⟩ making the diagram commute. Note that arrow L -n_L↣ ⟪ϕ, ϕ_L⟫ is indeed monic, as pushouts preserve monos in a topos, and α is monic because topoi have effective unions. Therefore the rewritable materialization and clearly it is also an object of the subcategory Mat^{ϕ_L}_ϕ, as by Diagram (12) We next prove that the left square of Diagram (12) is a pullback, to show that α is the unique arrow from the rewritable materialization to the materialization in Mat_ϕ. Let the diagram below to the right be given.
We already know that the inner square commutes and therefore η_ϕ ○ id_L = α ○ n_L. We will now show that the pullback property for the inner square holds, i.e., for any other object X and two arrows f∶ X → L and g∶ X → ⟪ϕ, ϕ_L⟫ where the outer square commutes, there exists a unique arrow h∶ X → L such that f = id_L ○ h and g = n_L ○ h. It is clear that h = f by this assumption. Since α is a mono, it is a left-cancellative arrow, i.e., for any two arrows
We obtain the following equation:
, a factorization of ϕ such that the pushout complement of I -ϕ_L↣ L -p↣ X exists, and let I ↣ C ↣ X be such a pushout complement. Then the following diagram (13) commutes, where g∶ X → ⟨ϕ⟩ is the unique arrow making the left square a pullback by finality of the materialization, and the right square is a pullback because it is a pushout along a mono. From the pasting lemma (pullback version) we can conclude that the composed square is a pullback as well.
Combining the outer pullback of diagram (13) with the final pullback complement of diagram (11) we get diagram (14).By Def. 3 there exists a unique arrow γ such that the diagram commutes (especially the lower triangle and the square to the right).
By composing the arrows γ∶ C → F from diagram (14) and β∶ F ↣ ⟪ϕ, ϕ_L⟫ from diagram (12) we get the arrow c = β ○ γ∶ C → ⟪ϕ, ϕ_L⟫ shown in the commuting diagram (15) where the right square is a pushout. The universal property of pushouts gives us a unique mediating arrow δ∶ X → ⟪ϕ, ϕ_L⟫. To show that δ defines an arrow in which is easily checked by diagram chasing) and that the left square is a pullback.
In order to show that the square marked (?) is a pullback we consider diagram (16). The left square is a pullback as we have shown earlier, and the outer square is a pullback by Diagram (13). From the pasting lemma (pullback version) we can conclude that the right square is a pullback. Also note that the diagram clearly commutes as the three arrows at the bottom are all unique. ⊓⊔
Proposition 16 (Language of the rewritable materialization). Assume there is a production p∶ L ↣ ⟪ϕ, ϕ_L⟫ be the match for the rewritable materialization for ϕ and ϕ_L. Then we have
Proof. We show that the two sets of arrows are included in one another: A is an object of the materialization category of rewritable objects (since the production can be applied, the pushout complement exists) and we obtain a unique arrow X → ⟪ϕ, ϕ_L⟫ that creates a pullback L, L, X, A. Hence
This implies the existence of an arrow X → ⟪ϕ, ϕ_L⟫ such that the left square in Diagram (17) is a pullback. The arrow ψ∶ X → A is given by composing X → ⟪ϕ, ϕ_L⟫ -α↣ ⟨ϕ⟩ → A and by retracing the construction of ⟪ϕ, ϕ_L⟫ (see Prop. 14) it can be shown that ϕ = ψ ○ m_L. Furthermore we constructed the outer square in Diagram (17) as a pushout, which is therefore also a pullback.
Now we take the pullback of X → ⟪ϕ, ϕ_L⟫ ↢ F and obtain the pullback object C with the corresponding arrows (see Diagram (18)). Since the outer square commutes, we get a unique arrow I ↣ C due to the property of pullbacks. Note that I ↣ C is a mono since I ↣ F is a mono. All we need to show is that C is the pushout complement for our rewritable object X.
In order to show that it is a pushout we consider the diagram to the right. The bottom square is a Van Kampen square, furthermore the left square is trivially a pullback, the front square is a pullback according to Diagram (17) and the right square is a pullback by construction (see Diagram (18)). Then it follows from classical pullback splitting that the back square is also a pullback. Finally it follows from the properties of adhesive categories that the top square is a pushout.
Therefore X can be rewritten. The existence of the pushout complement is guaranteed using the described construction. This completes the proof. ⊓⊔
Proposition 18 (Rewriting abstract matches). Let a match n_L∶ L ↣ Ã and a production p∶ L ↢ I ↣ R be given. Assume that Ã is rewritten along the match n_L, i.e., (L
That is we have the diagram below, where the bottom squares are pushouts and the remaining squares are pullbacks (the squares in the back are actually pushouts as well).
Now take the pullback of C ↣ B and Y → B, obtaining Z, which gives us I → Z as mediating arrow into the pullback object (see diagram below). In the right cube the right square is a pullback, the back square is trivially a pullback and the front square is a pullback by construction. This means that the left square is also a pullback by pullback splitting. Due to the Van Kampen square property this implies that the top square is a pushout. Since all pushouts along monos are pullbacks in adhesive categories, the arrow I → Z must be a mono. Finally, take the pushout of I ↣ Z and I ↣ L, resulting in X, which gives us X → Ã as a mediating arrow.
Since in the left cube the back square is trivially a pullback and the right square is a pullback as well (see argument above), the front and left squares are pullbacks as well. This implies that (L ), this results in the diagram below (without the dotted arrows), where the top and bottom squares of the cubes are all pushouts and the vertical squares are pullbacks.
Proof.
Homomorphism property: Assume that ϕ∶ A → B is an injective graph morphism. We first show that B^n_ϕ preserves the unit, which is a map a∶ V_A ∪ E_A → M_n with a(x) = 0 for all x ∈ V_A ∪ E_A. For y ∈ V_B ∪ E_B we have B^n_ϕ(a)(y) = ∑_{ϕ(x)=y} a(x). Either y has a unique preimage x with a(x) = 0 and in this case the result is 0. Or y has no preimage, in which case we have the empty sum and the result is also 0. Next, we show that B^n_ϕ preserves the monoid operation: let a_1, a_2 ∈ V_A ∪ E_A → M_n. Then we have B^n_ϕ(a_1 + a_2)(y) = ∑_{ϕ(x)=y} (a_1(x) + a_2(x)). We distinguish two cases:
- Either y has a unique preimage x and then the result is
- Or y has no preimage under ϕ and we obtain
Preservation of subtraction can be shown analogously.
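The unit and monoid-operation parts of the homomorphism property can be checked exhaustively on a small instance. The following is an added example, not code from the paper: it assumes M_n = {0, …, n, *} with addition saturating at *, uses constructed graphs and hypothetical function names, and also runs a non-injective morphism and a supremum-based push-forward (the operation of the local annotation functor) for contrast.

```python
from itertools import product

N = 2            # bound n of M_n (constructed choice)
STAR = N + 1     # internal encoding of '*' ("more than n"), the top element


def add(a, b):
    """Monoid operation of M_n (assumed): addition saturating at '*'."""
    return min(a + b, STAR)


# Constructed graphs: node lists plus edges given as name -> (source, target).
GRAPH_A = {"nodes": ["u", "v"], "edges": {"e": ("u", "v")}}
GRAPH_B = {"nodes": ["p", "q"], "edges": {"f": ("p", "q"), "g": ("q", "q")}}
GRAPH_C = {"nodes": ["w"], "edges": {"l": ("w", "w")}}
INJECTIVE = {"u": "p", "v": "q", "e": "f"}   # A -> B, injective
COLLAPSE = {"u": "w", "v": "w", "e": "l"}    # A -> C, merges u and v


def elements(graph):
    return graph["nodes"] + list(graph["edges"])


def is_morphism(phi, dom, cod):
    """Nodes go to nodes, edges to edges, and sources/targets are preserved."""
    nodes_ok = all(phi[v] in cod["nodes"] for v in dom["nodes"])
    edges_ok = all(phi[e] in cod["edges"]
                   and cod["edges"][phi[e]] == (phi[s], phi[t])
                   for e, (s, t) in dom["edges"].items())
    return nodes_ok and edges_ok


def push_sum(phi, cod_elems, a):
    """B^n_phi(a)(y): sum of a(x) over all x with phi(x) = y (empty sum is 0)."""
    out = {y: 0 for y in cod_elems}
    for x, m in a.items():
        out[phi[x]] = add(out[phi[x]], m)
    return out


def push_sup(phi, cod_elems, a):
    """Supremum of a(x) over the preimages of y (empty supremum is 0)."""
    out = {y: 0 for y in cod_elems}
    for x, m in a.items():
        out[phi[x]] = max(out[phi[x]], m)
    return out


def pointwise_add(a1, a2):
    return {x: add(a1[x], a2[x]) for x in a1}


def all_annotations(dom_elems):
    for values in product(range(STAR + 1), repeat=len(dom_elems)):
        yield dict(zip(dom_elems, values))


def preserves_unit(push, phi, dom_elems, cod_elems):
    return push(phi, cod_elems, {x: 0 for x in dom_elems}) == {y: 0 for y in cod_elems}


def additivity_counterexample(push, phi, dom_elems, cod_elems):
    """First pair (a1, a2) with push(a1 + a2) != push(a1) + push(a2), else None."""
    for a1 in all_annotations(dom_elems):
        for a2 in all_annotations(dom_elems):
            lhs = push(phi, cod_elems, pointwise_add(a1, a2))
            rhs = pointwise_add(push(phi, cod_elems, a1), push(phi, cod_elems, a2))
            if lhs != rhs:
                return a1, a2
    return None


if __name__ == "__main__":
    print(additivity_counterexample(push_sum, COLLAPSE, elements(GRAPH_A), elements(GRAPH_C)))
    print(additivity_counterexample(push_sup, COLLAPSE, GRAPH_A["nodes"], GRAPH_C["nodes"]))
```

The sum-based push-forward stays additive even along the collapsing morphism, whereas the supremum-based one fails there as soon as two merged nodes carry their multiplicity in different summands.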
Note that preservation of the monoid operation (but not preservation of subtraction) holds for any (also non-injective) graph morphism.
Adjunction property: Assume that ϕ∶ A → B is an injective graph morphism.
- We show that the right adjoint of
Clearly, red_ϕ is monotone. Furthermore for a ∈ B^n(A) and x ∈ V_A ∪ E_A we can show the following, using the fact that ϕ is injective:
Finally for b ∈ B^n(B) and y ∈ V_B ∪ E_B we have:
- We have to show that red_ϕ is a monoid homomorphism that preserves subtraction.
Let b∶ V_B ∪ E_B → M_n be the unit map that satisfies b(y) = 0 for all y ∈ V_B ∪ E_B. Then
Preservation of subtraction can be shown analogously.
red_ϕ preserves standard annotations:
Pushout property: Assume that we have a pushout as in Def. 28 (pushout property) and let d ∈ B^n(D). We have to show that
We distinguish the following cases:
- y has a (unique) preimage x_1 under ψ_1, but no preimage under ψ_2. This means that y has no preimage under η as well. In this case we obtain
from which the required equality follows.
- y has a (unique) preimage x_2 under ψ_2, but no preimage under ψ_1. This case is analogous to the previous one.
- y has a (unique) preimage x_1 under ψ_1 and a (unique) preimage x_2 under ψ_2. Hence it must also have a (unique) preimage x_0 under η such that ϕ_1(x_0) = x_1, ϕ_2(x_0) = x_2. In this case we obtain
yielding the result d(y) + (d(y) − d(y)) = d(y).
Beck-Chevalley property: First, observe that since the square from Def. 28 (Beck-Chevalley property) is a pullback, we can assume that the elements (vertices and edges) of A are as follows:
Then we have:
Isomorphism property: Then, since the standard annotation s_Y is a lower and upper bound, every element Y must have exactly one preimage in X under ϕ. This is equivalent to the fact that ϕ is an isomorphism. ⊓⊔
Lemma 50. The local annotation functor from Ex. 26 satisfies the homomorphism property and the pushout property for standard annotations.
Proof.
Homomorphism property: Assume that ϕ∶ A → B is an injective graph morphism. We first show that S^n_ϕ preserves the unit, which is a map a∶ V_A → M_n with a(v) = 0 for all v ∈ V_A. For w ∈ V_B we have S^n_ϕ(a)(w) = ⋁_{ϕ(v)=w} a(v). Either w has a unique preimage v with a(v) = 0 and in this case the result is 0. Or w has no preimage, in which case we have the empty supremum and the result is also 0. Next, we show that S^n_ϕ preserves the monoid operation: let a_1, a_2 ∈ V_A → M_n. Then we have S^n_ϕ(a_1 + a_2)(w) = ⋁_{ϕ(v)=w} (a_1(v) + a_2(v)). We distinguish two cases:
- Either w has a unique preimage v and then the result is
- Or w has no preimage under ϕ and we obtain
Preservation of subtraction can be shown analogously.
Pushout property for standard annotations: In the following we will use out∶ V → M_n as a function that assigns to a vertex v ∈ V its out-degree, respectively * if the out-degree is larger than n.
Assume that we have a pushout as in Def. 28 (pushout property). We have to show that s_D = S^n_{ψ_1}(s_B) + (S^n_{ψ_2}(s_C) − S^n_η(s_A)). Now let w ∈ V_D and we distinguish the following cases:
- w has a (unique) preimage under ψ_1, but no preimage under ψ_2. This means that w has no preimage under η as well. In this case out(w) = out(v) and we have:
In addition S^n_{ψ_2}(s_C)(w) = 0 and S^n_η(s_A)(w) = 0 and this completes this case.
- w has a (unique) preimage under ψ_2, but no preimage under ψ_1. This case is analogous to the previous case.
- w has a (unique) preimage v_1 under ψ_1 and a (unique) preimage v_2 under ψ_2. Hence it must also have a (unique) preimage v_0 under η such that ϕ
Due to the properties of a pushout we have out(w) = out(v_1) + (out(v_2) − out(v_0)). (Note that due to the placement of the brackets, the left-hand side equals * if and only if the right-hand side equals *.) Hence we obtain:
Lemma 51. The path annotation functor from Ex. 27 satisfies the homomorphism property and the pushout property for standard annotations.
Proof.
According to the pushout property for standard annotations we have
From the Beck-Chevalley property it follows that
(c) Consider a pushout of A, B, C, D as in the pushout property for standard annotations with η = ψ_1 ○ ϕ_1 = ψ_2 ○ ϕ_2. Due to the pushout property and the adjunction property we have
We have to show that red_{ϕ○ψ}, red_ψ ○ red_ϕ are both left adjoints of A_{ϕ○ψ}, then the result follows from the fact that adjoints are unique. This is obvious for red_{ϕ○ψ} and in the other case we obtain for c ∈ A(C):
and similarly for the other inequality. ⊓⊔

D.4 Abstract Rewriting of Annotated Objects
Proposition 32 (Annotated rewritable materialization is terminal). Given a production p∶ L → A the corresponding rewritable materialization. Then there exists an arrow ζ_A and a pair of annotations (a′_1, a′_2) ∈ M for ⟪ϕ, ϕ_L⟫ (as described in Def. 31) such that the diagram below commutes and the square is a pullback in the underlying category. Furthermore the triangle consists of legal arrows. This means in particular that ζ_A is legal.
Proof. The existence of the underlying arrow ζ_A follows from the fact that L ↣ ⟪ϕ, ϕ_L⟫ → A is the rewritable materialization (see Def. 13). This makes the left-hand square a pullback. We show that there exists a pair (a′_1, a′_2) ∈ M (for M as in Def. 31) for which a → A (such that ψ′ ○ ζ_A = ψ). This situation can be summarized in the diagram from the proof of Prop. 18 which is depicted below in a simplified form, but with added annotations.
Due to Prop. 32 there exists a pair of annotations (a′_1, a′_2) ∈ M and a legal arrow
First, in order to show that ζ_C is legal, we observe that, due to functoriality, the homomorphism property and the pushout property for standard annotations, we have:
Since a′_1 ≤ A_{ζ_A}(s_X) ≤ a′_2 we know from Def. 33 that there is a (maximal) annotation (c_1, c_2) satisfying the respective inequalities such that c_1 ≤ A_{ζ_C}(s_Z) ≤ c_2, which implies that ζ_C is legal.
Second, to show that ζ_B is legal, we observe that due to the pushout property for standard annotations, the homomorphism property and functoriality: ⊓⊔
Proposition 37 (Soundness for ↪). Relation ↪ is sound in the sense of Prop. 34.
Proof. We modify the proof of Prop. 32, on which Prop. 34 relies. We have to show that there always exists a pair of annotations (a′_1, a
Furthermore (a′_1, a′_2) ∈ M and
- We first observe that there is a unique maximal pair (c_1, c_2) satisfying the above inequalities, in particular c_i = red_{ϕ_A}(a′_i). We have
Next, we show that red_{n_R}(b_1) = red_{n_R}(b_2) = s_R:
The last equality holds since red_{ϕ_R}(s_R) = s_I and hence A_{ϕ_R}(s_I) = A_{ϕ_R}(red_{ϕ_R}(s_R)) ≤ s_R (due to the adjunction property). This means that ι is a legal arrow and we can infer from the isomorphism property that it is an iso, without loss of generality we can assume that it is the identity.
It is left to show that ζ_C and in particular ζ_A are legal.

(1) C has a subobject classifier true∶ 1 ↣ Ω and final pullback complements for each pair of arrows I -α→ L -m↣ G with m mono;

Example 10. We construct the materialization L -η_ϕ↣ ⟨ϕ⟩ -ψ→ A for the following morphism ϕ∶ L → A of graphs with a single (omitted) label: ϕ:

Example 12. Consider the materialization L ↣ ⟨ϕ⟩ → A from Example 10 and the production L ↢ I ↣ R shown in the diagram to the right. It is easy to see that the pushout complement of morphisms I ↣ L ↣ ⟨ϕ⟩ does not exist.

L ↣ ⟨ϕ⟩ (see diagram below left) and obtain ⟪ϕ, ϕ_L⟫ by taking the pushout over L ↢ I ↣ F (see diagram below right).
as in Def. 31). Then A[a_1, a_2] can be transformed to B[b_1, b_2] via p if there are arrows such that the two squares below are pushouts in the base category and b_1, b_2 are defined as:

Definition 42 (Partial map classifier). Let C be a category with pullbacks. A partial map (m, f)∶ X ⇀ Y in C is a span X ↢m- Z -f→ Y where m∶ Z ↣ X is a mono. A partial map classifier (F, η) is a functor F∶ C → C together with a natural transformation η∶ Id_C → F such that for each object Y of C with the component η_Y∶ Y ↣ F(Y) the following holds: for each partial map (m, f)∶ X ⇀ Y there exists a unique arrow ϕ(m, f)∶ X → F(Y) such that the diagram to the right is a pullback.
is defined and p′(x) = ⋆ otherwise.
Example 43. We now consider a more involved example in the category Graph. Let the partial map (m, f)∶ G ⇀ H (depicted below left) and a corresponding span G ↢m- P -f→ H (depicted below on the right) be given. We use a single edge label, which is omitted. (m, f):
shown below to the left) resulting in the abstract graph B[b_1, b_2] (shown below, to the right): In fact, the annotated abstract graph B[b_1, b_2] specifies (a part of) the strongest postcondition and therefore the graph G ∈ L(B[b_1, b_2]), shown to the right, is a witness for the fact that the graph language L(A[a_1, a_2]) is not closed under production application of ρ since G ∉ L(A[a_1, a_2]) due to a missing $-coin edge in G, which is required by A[a_1, a_2].

and the diagram shown to the right commutes.
A from Definition 48 with ϕ = ψ ○ α. The morphism α∶ L → ⟨ϕ⟩ is the embedding morphism from L into ⟨ϕ⟩ and by the construction of ⟨ϕ⟩ there exists a second embedding morphism γ∶ A → ⟨ϕ⟩ with img(α) ∩ img(γ) = ∅ and γ is the terminal object in the materialization category, there must exist a unique graph morphism f∶ G → ⟨ϕ⟩ such that the diagram to the right commutes and the square is a pullback. Define f = (f_V, f_E) in the following way:

(1) ⇒ (2) The component η_Y∶ Y ↣ F(Y) of the natural transformation η at object Y ∈ C is obtained as the final pullback complement of Y -!_Y→ 1 -true↣ Ω, as shown in the left part of (10).
(2) ⇒ (1) We first observe that, given a partial map classifier (F, η), the subobject classifier is obtained as 1 -η_1↣ F(1). Next we show how to construct a final pullback complement: Given I -α→ L -m↣ G, consider the components of the natural transformation at I and L, and arrow F(α)∶ F(I) → F(L), as in the right part of (10). The mono L -m↣ G can be seen as a partial map G ↢m- L -id_L↣ L from G to L, and this induces a unique arrow ϕ(m, id_L) making the square a pullback. Now let G ←h- P → F(I) be the pullback of G -ϕ(m, id_L)→ F(L) F(α)

Corollary 9 (Construction of the materialization). Let ϕ∶ L → A be an arrow of C and let true_A∶ A ↣ A × Ω be the subobject classifier in the slice category C ↓ A from id_A∶ A → A to the projection π_1∶ A × Ω → A (see Fact 46 in App. A). Then the terminal object L -η_ϕ↣ ⟨ϕ⟩ -ψ→ A in the materialization category consists of the arrows η_ϕ and

Due to the Van Kampen square property and the fact that pushout complements of mono arrows are unique, the object Z can be constructed in two ways: either by taking the pullback of X → Ã and C ↣ Ã or by taking the pushout complement of I ↣ L, L ↣ X as shown above. Hence there must be an arrow Z → C arising from the pullback and the front and right square of the left cube are pullbacks as well. Now the arrow Y → B is obtained as a mediating arrow into the pushout object and the front and right faces of the right cube are again pullbacks. This implies that
Corollary 19 (Co-match language of the rewritable materialization). Let ϕ∶ L → A and a production p∶ L R be given. Assume that ⟪ϕ, ϕ_L⟫ is obtained as the rewritable materialization of ϕ and ϕ_L with match L -n_L↣ ⟪ϕ, ϕ_L⟫ (see Prop. 14). Furthermore let (L

Proof. Straightforward from Propositions 16 and 18. ⊓⊔

D.3 Annotated Objects

Lemma 49. The global annotation functor from Ex. 25 satisfies the homomorphism property, the pushout property, the adjunction property, the Beck-Chevalley property and the isomorphism property.
(a) The pushout property for standard annotations implies that for every mono ϕ∶ A ↣ B we have A_ϕ(s_A) ≤ s_B.
(b) The adjunction property and the Beck-Chevalley property imply that red_ϕ(A_ϕ(a)) = a for ϕ∶ A ↣ B, a ∈ A(A).
(c) The pushout property and the adjunction property imply the pushout property for standard annotations.
(d) The adjunction property implies red_{ϕ○ψ} = red_ψ ○ red_ϕ for A ψ

using functoriality, Lem. 52(a) and monotonicity). Then either (A_{ζ_A}(s_X), A_{ζ_A}(s_X)) ∈ M or it is subsumed by another, maximal, pair (a′_1, a′_2) ∈ M. In both cases this is the desired pair of annotations. ⊓⊔
Proposition 34 (Soundness for ↝). Relation ↝ is sound in the following sense: Let X ∈ L(A[a_1, a_2]) (witnessed via a legal arrow ψ∶ X[s_X, s_X] → A[a_1, a_2]) where X -p,m_L⇒ Y. Then there exists an abstract rewriting step A[a_1, a_2] -p,ψ○m_L↝ B[b_1, b_2] such that Y ∈ L(B[b_1, b_2]).
Proof. Since X -p,m_L⇒ Y we have that (L Y) for some co-match m_R. We set ϕ = ψ ○ m_L and Corollary 19 implies that (R and ⟪ϕ, ϕ_L⟫ is the rewritable materialization with L -n_L↣ ⟪ϕ, ϕ_L⟫ ψ′
Furthermore we assume c_1, c_2, b_1, b_2 as in Def. 33. It is left to show that ζ_C and in particular ζ_B are legal morphisms. Since ζ_C is legal and we have c_1 ≤ A_{ζ_C}(s_Z) ≤ c_2, we obtain from the definition of b_1, b_2 and monotonicity that b_1 ≤ A_{ζ_B}(s_Y) ≤ b_2.

(a′_1) and A_ψ(a′_2) ≤ a_2. Since the square consisting of id_L, m_L, ζ_A, n_L is a pushout, we can use the Beck-Chevalley property and the adjunction property to prove that red_{n_L}(A_{ζ_A}(s_X)) = A_{id_L}(red_{m_L}(s_X)) = red_{m_L}(s_X) = s_L. Hence either (A_{ζ_A}(s_X), A_{ζ_A}(s_X)) or an annotation subsuming it is contained in the set M of Def. 35. ⊓⊔
Proposition 38 (Completeness for ↪). If A[a_1, a_2] -p,ϕ↪ B[b_1, b_2] and Y ∈ L(B[b_1, b_2]), then there exists X ∈ L(A[a_1, a_2]) (witnessed via a legal arrow ψ∶ X[s_X, s_X] → A[a_1, a_2]) such that X -p,m_L⇒ Y and ϕ = ψ ○ m_L.
Proof. Since there is a rewriting step from A[a_1, a_2] to B[b_1, b_2] we obtain ⟪ϕ, ϕ_L⟫ as the materialization (with L -n_L↣ ⟪ϕ, ϕ_L⟫ -ψ′→ A where ϕ = ψ′ ○ n_L) and the following two pushouts below.

a′_1 ≤ A_{ϕ_A}(c_1) + (A_{n_L}(s_L) − A_{n_L○ϕ_L}(s_I)), A_{ϕ_A}(c_2) + (A_{n_L}(s_L) − A_{n_L○ϕ_L}(s_I)) ≤ a′_2, b_i = A_{ϕ_B}(c_i) + (A_{n_R}(s_R) − A_{n_R○ϕ_R}(s_I)) for i ∈ {1, 2}
In addition ζ_B is a legal arrow that witnesses Y ∈ L(B[b_1, b_2]), in particular b_1 ≤ A_{ζ_B}(s_Y) ≤ b_2.

n_R ↣ B) we can infer from Corollary 19 that there exists a match m_L∶ L ↣ X where (L -m_L↣ X) ∈ L(L -n_L↣ ⟪ϕ, ϕ_L⟫) and (L Y). This situation can be summarized in the diagram from the proof of Prop. 18 which is depicted below with added annotations.
′_2) ∈ M for which we have a legal arrow ζ_A∶ X[s_X, s_X] → ⟪ϕ, ϕ_L⟫[a′_1, a′_2]. (The rest of the proof of Prop. 34 proceeds as before.) As in Prop. 32 we show that (A_{ζ_A}(s_X), A_{ζ_A}(s_X)) is an annotation (a′_1, a′_2) which satisfies a_1 ≤ A_ψ