1. science
2. mathematics
3. algebra

BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
CLOVIS EBERHART, TOM HIRSCHOWITZ, AND THOMAS SEILLER
Universit´e de Savoie
CNRS, Universit´e de Savoie
Universit´e Paris 7
Contents
1. Introduction
1.1. Causal models and beyond
1.2. Innocence
1.3. Concurrency
1.4. Innocence as a sheaf condition
1.5. Compositionality
1.6. Which main result?
1.7. What’s new? What’s next?
1.8. Related work
1.9. Plan
2. Notation and preliminaries
2.1. Fair testing equivalence
2.2. A π-calculus
3. A playground for π
3.1. The main double category
3.2. Codomain is a fibration
3.3. Towards the playground
3.4. Correctness criterion
3.5. A playground
4. A sheaf model
4.1. Traces and views
4.2. Innocent strategies
4.3. Semantic fair testing
5. Intensional full abstraction
2
2
3
3
4
4
4
5
6
6
7
8
8
10
10
13
25
27
31
33
34
34
36
37
Key words and phrases: Programming languages; categorical semantics;presheaf semantics; game semantics; concurrency; process algebra.
Partially funded by the French ANR projet blanc “Formal Verification of Distributed Components” PiCoq
ANR 2010 BLAN 0305 01 and CNRS PEPS CoGIP.
LOGICAL METHODS
IN COMPUTER SCIENCE
DOI:10.2168/LMCS-???
1
© C. Eberhart, T. Hirschowitz, and T. Seiller
Creative Commons
2
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
5.1. Ltss for strategies
5.2. A further lts for strategies
5.3. Interpretation of π and intensional full abstraction
References
Appendix A. Proof of Proposition 5.24
37
40
41
45
49
1. Introduction
1.1. Causal models and beyond. Operational semantics of programming languages standardly model the execution of programs as paths in a certain labelled transition system
(lts). This has the undesirable effect of counting as different all possible interleavings
of parallel actions: verification on ltss thus incurs a state explosion problem. Similarly,
causality between various actions, visible in the syntax, is lost in the lts, thus hindering,
e.g., error diagnostics.
Causal models of programming languages intend to remedy both problems, but have yet
to be applied to full-scale programming languages. Causal models originate in concurrency
theory, and indeed have notably been applied to Milner’s CCS [63] or more recently to the
π-calculus (see Section 1.8). In parallel to this, Melli`es [49, 50] recast Hyland and Ong’s
games model for PCF [35] as a causal model for linear logic (LL). So one might have hoped
that merging both threads together would quickly lead to some causal model for some
functional language with concurrency primitives. However, this hasn’t yet happened, and
one reason may be that the machinery invented by Melli`es for dealing with duplication in
LL is extremely complex. Winskel and collaborators are currently trying to take it up and
push it further [58, 64, 11]. Another reason is perhaps that existing causal models for π are
very different in nature from game models.
We here follow an approach initiated in previous work on CCS [34, 32, 33], and extend
it to the π-calculus. In standard causal models, execution traces essentially consist of sets of
atomic ‘events’ and are partially ordered by inclusion. Instead, our approach puts forward
a finer notion of trace, based on proper categories rather than partial orders. Our traces are
a direct interpretation of π-calculus reduction rules, along the following lines. There is a
notion of configuration, which amounts to a combinatorial description of the involved agents
and communication network between them. There is then a notion of atomic action which
closely follows π-calculus reduction rules, thought of as ‘rules of the game’. E.g., for any
two agents x and y sharing some communication channel a, x may output, and y may input,
some other channel b on a. As another example, x may create a new communication channel,
or fork into two new agents. We finally define composition of atomic actions, in a way that
only retains some minimal causality information between them. E.g., information such as:
‘such agent only outputs on such channel after having forked’. Finally, our traces feature
a rich notion of morphism, close in spirit to Levy’s morphisms between plays [44]. Our
traces thus feature complex combinatorics, which we tame using techniques from algebraic
topology [42]. Our use of such techniques is by the way the main obstacle to explaining our
approach. Indeed, once defined, our traces enjoy a rich structure, which we rather easily
exploit to define a notion of strategy following the general framework of playgrounds [33].
Let us now briefly review how the latter goes.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
3
1.2. Innocence. Fixing some initial configuration X, one may naively define a strategy
for the agents in X to be a prefix-closed set of traces from X. This, however, allows
some undesirable behaviours. E.g., given three agents x, y, and z sharing a communication
channel a, there is such a naive strategy in which, say, x and y conspire to rule z out of the
game. E.g., x outputs some message on a, with y and z both ready to input on a, but the
naive strategy always routes that message to y.
In order to rectify this deficiency, we decree that in order for a trace to be accepted
by a strategy, it should be enough for it to be ‘locally accepted’. I.e., at every stage in the
trace, each agent should approve what she sees of the next action. E.g., if the next action
is a synchronisation x y with x outputting and y inputting on some channel a, then all
that’s required for the synchronisation to be accepted is that x accepts to output and y
accepts to input. Consequently, if some other agent z also accepts to input on a at this
stage, then the synchronisation x z is also accepted. We call this condition innocence by
analogy with Hyland and Ong’s notion [35].
1.3. Concurrency. Until now, our strategies are not concurrent enough to adequately
model CCS or the π-calculus. To illustrate this point, we recall Milner’s coffee machine
example: consider the CCS processes P = (a.b + a.c) and Q = a.(b + c). P has two ways
of inputting on a and, depending on the chosen way, inputs either on b or on c. Q, on
the contrary, inputs on a, and then has both possibilities of inputting on b or c. Both processes, however, accept exactly the same traces (in the standard sense), namely {, a, ab, ac},
where denotes the empty trace. Thus, taking strategies to be prefix-closed sets of traces
hopelessly destroys any hope of modelling any reasonably fine behavioural equivalence on
processes.
Inspired by presheaf models [38], we remedy this by passing from prefix-closed sets of
traces to presheaves (of finite sets) on traces. Indeed, a prefix-closed set of traces is nothing
but a contravariant functor from the poset T of traces with prefix ordering to the booleans 2,
viewed as a category. The latter has two objects 0 and 1 and just one non-trivial morphism
0 → 1. The idea is that a functor S∶ Top → 2 maps any trace to 1 when it is accepted, and
to 0 otherwise. Furthermore, if t ≤ t′ , i.e., t is a prefix of t′ , then we have a morphism
t → t′ which should be mapped by S to some morphism S(t′ ) → S(t). If t′ is accepted then
S(t′ ) = 1, so this has to be a morphism 1 → S(t). Because there are no morphisms 1 → 0,
this entails S(t) = 1, hence prefix-closedness of the corresponding naive strategy.
So naive strategies are functors Top → 2. Presheaf models prescribe to replace this
with, well, presheaves, i.e., functors Top → Set. Thus, the two ways that P above has to
accept inputting on a may be reflected by mapping the trace a to some two-element set.
More precisely, P may be modelled by the presheaf S defined on the left and pictured on
the right:
⋆
a
a
● S empty otherwise,
● S() = {⋆},
′
x
x′
′
● S( ↪ a) = {x ↦ ⋆, x ↦ ⋆},
● S(a) = {x, x },
c
b
● S(a ↪ ab) = {y ↦ x},
● S(ab) = {y},
′
y
y
.
● S(a ↪ ac) = {y ′ ↦ x′ },
● S(ac) = {y ′ },
Presheaves thus may ‘accept a trace in several ways’: the trace a is here accepted in two
ways, x and x′ . The process Q is of course modelled by identifying x and x′ . As it turns
out, we actually only need finitely many ways of accepting each trace. Thus our strategies
will be presheaves of finite sets, i.e., functors Top → set, where set denotes the category with
as objects all finite subsets of N, with all maps between them.
4
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
1.4. Innocence as a sheaf condition. Now, reconciling both previous paragraphs, our
traces from X form not only a poset but a proper category TX , so we need to define innocent
presheaves on TX . The category TX notably contains as objects both
● regular traces on the whole of X, and
● traces on sub-configurations of X.
Among the latter kind of objets, traces obtained by composing atomic actions involving
just one agent represent what an agent sees of a trace. We call them views, and they form
a subcategory VX of TX . E.g., if X merely consists an agent x linked to n communication
channels, an important atomic action πn for the π-calculus is given by x forking into two
new agents, say x1 and x2 . This action, viewed as an object of TX has three subobjects
which are views:
● the ‘identity’ view, in which nothing happens,
● πnl , which represents the left-hand branch (to x1 ),
● and πnr , which represents the right-hand branch (to x2 ).
The inclusion VX ↪ TX induces a simple Grothendieck topology [47] on TX , which amounts
to decreeing that any trace is covered by its views. We finally define a presheaf S of finite
sets to be innocent precisely when it is a sheaf for this Grothendieck topology. Such sheaves
form a category SX , which is small thanks to our use of set instead of Set.
1.5. Compositionality. An easy yet crucial observation is that innocent presheaves are
determined locally up to isomorphism: giving an innocent presheaf on a configuration X is
equivalent (up to isomorphism) to separately giving an innocent presheaf for each agent of
X. E.g., if X consists of two agents sharing n communication channels, then an innocent
presheaf is uniquely determined up to isomorphism by providing two innocent presheaves
on the configuration consisting of a single agent connected to n channels. This entails
for example that there is an extremely simple analogue of parallel composition in game
semantics. But it also provides a simple (infinitary) syntax for innocent presheaves which
directly leads to an interpretation ⟦−⟧∶ Pi → S of π-calculus processes into our model.
1.6. Which main result? What should we do in order to demonstrate adequacy of our
model? By definition, causal models expose some intensional information. Hence, equality is
generally much finer than any reasonable behavioural equivalence, so we shouldn’t base our
main result on it. On the other hand, causal models are supposed to be ‘compositional’, i.e.,
to come equipped with an interpretation of syntactic operations in the model. The natural
thing to do is thus to choose some behavioural equivalence from the operational side, use
compositionality to transpose it to the model, and prove that the two coincide. More
precisely, the considered equivalence induces by quotienting two ‘extensional collapses’, one
syntactic and the other semantic, and we want to prove that the translation ⟦−⟧ induces
a bijection between both extensional collapses. Following [1], we call this intensional full
abstraction for the considered equivalence.
We here focus on so-called testing equivalences [16, 54, 7, 57], which are defined in two
steps. First, one chooses a ‘mode of interaction’. That is, one defines what the relevant
tests are for a given process and specifies how the two should interact. Typically, tests for
P are other processes T with the same free communication channels as P , and interaction
is just parallel composition P ∣ T . The second stage amounts to choosing when P ∣ T is
successful. E.g., in may testing equivalence P ∣ T is successful just when there exists a
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
5
transition (P ∣ T ) Ô
⇒ P ′ (that is, a ♡ transition, possibly surrounded by silent transitions),
where ♡ is some action fixed in advance. In must testing equivalence, success is when all
maximal (possibly infinite) transition sequences contain at least one ♡ transition. In fair
testing equivalence, one requires that all silent sequences (P ∣ T ) Ô
⇒ P ′ extend to some
♡
→ P ′′′ ending with a ♡ transition. In this paper, we focus on the latter,
sequence P ′ Ô
⇒ P ′′ Ð
i.e., we prove (Corollary 5.27) that our model is intensionally fully-abstract for fair testing
equivalence. Furthermore, we explain that the result would work with a very large class of
behavioural equivalences.
♡
1.7. What’s new? What’s next? We wrote above that this paper follows the same
approach as previous work on CCS [34, 32, 33]. So we should explain in which sense
extending the approach to π was more than an easy application. We mention in passing some
ongoing work following up on the present paper, and then review longer-term directions.
First of all, the interplay between synchronisation and private channels in π is notoriously subtle. And indeed, our proof method for CCS failed miserably on π. Our impression
is that the reason for this is that our notion of trace for π, though simple and natural, is
not ‘modular’ enough, in the sense that a trace contains strictly more information than the
collection of all ‘local’ information accessible to agents (i.e., of all of its views, in the above
sense). Thus, adapting our proof technique from CCS would have required us to define a
much more complex but more modular notion of trace. We would then have had to reason
on the latter, and prove that the induced fair testing equivalence coincides with the original.
It might be worthwile to investigate this further, because deriving the complex notion of
trace from the simple one is akin to deriving ltss from reduction rules [60, 41, 56]. However,
we here stick to the present, somewhat rougher technique.
This goes by reducing semantic fair testing equivalence to fair testing equivalence in
the standard sense for some ad hoc lts S. We then single out a particular quotient M of
S, which admits a syntactic description very close to Berry and Boudol’s chemical abstract
machine [4], though with a kind of persistent explicit substitutions. Elements of M thus
roughly consist of finite multisets of molecules. Multisets are here thought of as chemical
soups, in which synchronisation is viewed as interaction between compatible molecules. In
order to simplify matters, we also work with a chemical abstract machine presentation of the
π-calculus. We then define a candidate ‘pseudo-inverse’ ζ to the translation map ⟦−⟧. These
are maps between molecules for π and molecules for M, which extend straightforwardly to
chemical soups. We finally design a relation between π-calculus soups and M soups, which
modularly allows
● π-calculus processes to correspond to their translation, and
● M molecules to correspond to their image under ζ.
We are then able to show that this relation is a weak bisimulation which straightforwardly
entails that ⟦−⟧ both
● preserves and reflects fair testing equivalence, and
● is surjective up to fair testing equivalence,
i.e., is intensionally fully-abstract for fair testing equivalence.
A second contribution comes from the fact that, in order to even define our category
of traces, we need to show that traces form the total category of a fibration [36] over
configurations. In previous work, this was done in an ad hoc way. We here introduce a
more satisfactory approach based on factorisation systems [46, 23]. In current work, we are
where?
6
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
designing a general setting where this technique applies, hopefully encompassing some form
of graph rewriting [3].
The present work could apply to error diagnostics in π [26] or efficient machine representation of reversible π-calculus processes [15].
Longer-term directions include applying the approach to more complex calculi, e.g.,
calculi with passivation [43] or functional calculi, and eventually consider some full-fledged
functional language with concurrency primitives.
Finally, the emphasis we put on traces suggests that we might be able to deduce properties of type systems (soundness, progress, etc) or compilers (correctness) from corresponding
properties on traces.
1.8. Related work. Beyond the obviously closely related, already mentioned work of
Winskel et al., we should mention other causal models for π [9, 52, 20, 5, 17, 12, 8, 14, 10],
as well as interleaving models [22, 21, 61, 12, 53, 30] and the early approach [37] based on
Girard’s Geometry of Interaction. All of these models are based on some lts for π. Instead,
ours is rather based on reduction rules. The subtleties usually showing up in ltss, related
to mixing synchronisation and private channels, do resurface in our proof of intensional full
abstraction, but not in the definition of our model. Indeed, it merely goes by describing the
‘rule of the game’ in π, and applying the general framework of playgrounds [33].
We should also mention Laird’s game semantical model of (a fragment of) π [40], which
accounts for trace (a.k.a. may testing) equivalence. Trace equivalence is essentially the
coarsest meaningful behavioural equivalence on processes, so one might hope for models of
finer equivalences. But standard game semantics seems intrinsically limited to trace equivwho?
alence, because it views strategies as sets of traces (with well-formedness conditions). Some
resort to an explicit action for divergence, which allows them to recover a finer behavioural
equivalence. We feel that the presheaf-based approach is more general.
Furthermore, a recent preprint [62] adapts and extends some ideas of [34, 32] to deterministic, nondeterministic, and probabilistic variants of the simply-typed λ-calculus.
Let us finally mention less closely related work: Girard’s ludics [25], Melli`es’s game semantics in string diagrams [51], Harmer et al.’s categorical combinatorics of innocence [29],
McCusker et al.’s graphical foundation for schedules [48], and Hildebrandt’s sheaf-based approach to fair testing equivalence [31]. The latter uses related techniques, namely sheaves,
for different purposes. There, sheaves are used to correctly handle infinite behaviour,
whereas here they are used to force reactions of agents to depend only on their view.
1.9. Plan. In previous work [33], we have defined an algebraic notion called playground,
which encompasses what’s needed for our approach to apply. Namely, it organises configurations, atomic actions, and traces into a pseudo double category [18, 19, 27, 28, 42, 24]
with additional structure. Any playground D automatically gives rise, among other things,
to
● categories of innocent strategies SX , on each configuration X, organised into a
pseudo double functor from Dop to small categories;
● a simple, yet complete syntax for innocent strategies, together with an lts SD for
them over an alphabet built from atomic actions.
After introducing some notation and our ‘chemical’ variant of the π-calculus and its fair
testing equivalence, denoted by ∼Conf
, in Section 2, we construct such a playground D for the
f
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
7
π-calculus in Section 3. We continue in Section 4 by applying results from [33] to define our
sheaf model and semantic fair testing equivalence ∼f . In Section 5, we prove that our model
is equivalent to a more standard presentation in terms of an lts S for strategies (derived
from SD ). We then define a further, more syntactic lts M which we prove equivalent to
S. We finally give our translation ⟦−⟧ of π, whose intensional full abstraction is reduced
by the previous results to that of intensional full abstraction of an induced translation to
M, which lives in the realm of ltss. We prove the latter, which leads to our main result
(Corollary 5.27).
2. Notation and preliminaries
First of all, we adopt the notation of [33, Section 2], with the slight modification that set
now denotes the category with finite subsets of N as objects, and all maps as morphisms.
(This category is equivalent to what we used in [33], but slightly easier to work with for
̂ the category of presheaves on C, and by C
Ì the category of
our purposes.) We denote by C
presheaves of finite sets, i.e., of contravariant functors to set. For any category C, let Cf
denote the full subcategory of finitely presentable objects [2], or finite objects for short. In
the only case where we’ll use this, C will be a presheaf category [Cop , set] and furthermore
Ì f will be equivalent to the category of elements of F
due to the special form of C, F ∈ C
being finite, i.e., ∑c∈ob(C) F (c) is finite and similarly for morphisms.
To recall some bare minimum: we often confuse objects C of a category C with the
̂ Gph denotes the category of reflexive graphs,
corresponding representable presheaves yC ∈ C.
and all our graphs are reflexive so we often omit mentioning it. We think of morphisms
p∶ G → A as ltss over the alphabet A, except that for reasons specific to playgrounds our
convention is that a transition from x to y is represented as an edge x ← y.
For any graph G, G⋆ denotes the graph with the same objects and all paths between
them; on the other hand, fc(G) denotes the free category on G, i.e., the category with the
same objects and identity-free paths between them. Both (−)⋆ and fc extend to functors,
i.e., act on morphisms. We often silently coerce fc(G) into a reflexive graph, and denote
by ̃
− the obvious morphism G⋆ → fc(G). For any graph p∶ G → A over A, x, y ∈ ob(G),
ρ
and path ρ∶ p(y) → p(x) in A⋆ , we denote by x ⇐
Ô y the existence of a path r∶ y → x in G⋆
⋆ (r) = ρ
̃. When ρ is the empty path we just write x ⇐
such that p̃
Ô y. We denote weak
bisimilarity over some alphabet A by ≈A .
A pseudo double category D consists of a set ob(D) of objects, shared by a ‘horizontal’
category Dh and a ‘vertical’ bicategory Dv . Since we won’t consider strict double categories, we’ll often omit the word ‘pseudo’. Following Par´e [55], Dh , being a mere category,
has standard notation (normal arrows, ○ for composition, id for identities), while the bifor arrows, ● for composition, id ● for identities). D
category Dv earns fancier notation (
is furthermore equipped with a set of double cells α, which have vertical, resp. horizontal,
domain and codomain, denoted by domv (α), codv (α), domh (α), and codh (α), together
with composition operations satisfying some axioms. For any (pseudo) double category D,
we denote by DH the category with vertical morphisms as objects and double cells as morphisms, and by DV the bicategory with horizontal morphisms as objects and double cells as
morphisms. Domain and codomain maps arrange into functors domv , codv ∶ DH → Dh and
domh , codh ∶ DV → Dv . We will refer to domv and codv simply as dom and cod, reserving
subscripts for domh and codh .
8
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
2.1. Fair testing equivalence. In [33], a non-trivial abstract framework was defined for
studying fair testing equivalence and its relationship with weak bisimilarity. We won’t use
this here, and instead work with the following simpler definition of fair testing equivalence.
We first define the reflexive graph Σ as follows:
♡
●
τ ,
where τ is the chosen identity edge.
Definition 2.1. A graph with testing is a graph G together with a morphism p∶ G → Σ
and a relation R∶ (ob(G))2
ob(G) whose domain is an equivalence relation and which is
partially functional up to weak bisimilarity over Σ.
The domain being an equivalence relation more precisely means that the binary relation
(x, y) ↦ ∃z.(x, y) R z is an equivalence relation.
Partial functionality up to weak bisimilarity means that if (x, y) R z and (x, y) R z ′ ,
then z ≈Σ z ′ .
Notation 2.2. The relation is called the testing relation, and we denote it by ∣G , i.e.,
(x, y) R z is denoted by z ∈ (x ∣G y). Furthermore, its domain is denoted by ¨G . We use ∣
and ¨ when there is no ambiguity. Furthermore, since ∣ is partially functional up to weak
bisimilarity, for any (x, y) R z, as long as what we say about z is invariant under weak
bisimilarity, then it also holds for any other z ′ such that (x, y) R z ′ . In such cases, we
implicitly make some global choice of z and consider ∣ as partially functional.
Definition 2.3. For any graph with testing, let –G denote the set of objects x such that
♡
for all x ⇐
Ô y, there exists y ⇐
Ô z.
Any two objects x and y are fair testing equivalent iff x ¨G y and for all z ¨G x,
(x ∣G z) ∈ –G iff (y ∣G z) ∈ –G .
Notation 2.4. We denote fair testing equivalence in G by ∼G
f . Given x, any z such that
x ¨ z is called a test for x, and x passes the test iff (x ∣G y) ∈ –G .
2.2. A π-calculus. We now make precise the variant of π with which we’ll work. We use
a chemical abstract machine presentation, based on infinite terms, thus sparing us the need
for recursion or replication constructs. Also, we keep track of the channels known to the
considered process, i.e., we work with a ‘natural deduction’ presentation of terms.
Processes are infinite terms coinductively generated by the grammar
γ ⊢g P1
γ ⊢g Pn
...
γ⊢P
γ⊢Q
γ ⊢P ∣Q
γ ⊢ ∑ Pi
i∈n
γ, a ⊢ P
γ⊢P
γ⊢P
γ ⊢g νa.P
γ ⊢g ♡.P
γ ⊢g τ.P
a∈γ
γ, b ⊢ P
γ ⊢g a(b).P
a, b ∈ γ
γ⊢P
γ ⊢g a
¯⟨b⟩.P
where
● we have two judgements, ⊢ for processes and ⊢g for guarded processes;
,
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
9
● γ ranges over finite sets of natural numbers, and
● γ, a is defined iff a ∉ γ and then denotes γ ⊎ {a}.
Notation 2.5. Let Pi be the set of all such (non-guarded) processes. Let Pi γ denote the
set of processes γ ⊢ P .
In the following, processes are considered equivalent up to renaming of bound channels.
Capture-avoiding substitution extends the assignment γ ↦ Pi γ to a functor set → Set
mapping σ∶ γ → γ ′ to P ↦ P [σ].
Notation 2.6. For any γ ⊢g P , γ ⊢ Q of the form ∑i∈n Qi , and injection h∶ n ↪ n + 1, we
denote by P +h Q the sum ∑j∈n+1 Pj , where Ph(i) = Qi for all i ∈ n and Pk = P , for k the
unique element of (n + 1) ∖ Im(h).
⊙
Definition 2.7. A configuration is an element of Conf = ∑γ∈Pf (N) Pi ⊙
γ , where − denotes
the finite multiset monad.
Notation 2.8. Configurations (γ, S) will be denoted by ⟨γ∥S⟩, and we will use list syntax
[P1 , . . . , Pn ] for multisets, sometimes dropping brackets, e.g., as in ⟨γ∥P1 , . . . , Pn ⟩. We
sometimes resort to a hopefully clear ‘multiset comprehension’ notation [P ∣ ϕ(P )]. We use
∪ for multiset union.
In Figure 1, we extend Conf to a graph over Σ (omitting identity edges). There, we let
R and R′ range over processes of the form ∑i∈n Pi . The last rule makes sense because each
transition as in the premise implicitly comes with an inclusion h∶ γ1 ↪ γ2 , and the second
occurrence of S is implicitly S[h].
τ
τ
⟨γ∥P ∣ Q⟩ ←
Ð ⟨γ∥P, Q⟩
τ
⟨γ∥τ.P +h R⟩ ←
Ð ⟨γ∥P ⟩
⟨γ∥νa.P +h R⟩ ←
Ð ⟨γ, a∥P ⟩
⟨γ∥♡.P +h R⟩ ←
Ð ⟨γ∥P ⟩
♡
τ
⟨γ∥a(b).P +h R, a
¯⟨c⟩.Q +h′ R′ ⟩ ←
Ð ⟨γ∥P [b ↦ c], Q⟩
α
⟨γ1 ∥S1 ⟩ ←
Ð ⟨γ2 ∥S2 ⟩
α
⟨γ1 ∥S ∪ S1 ⟩ ←
Ð ⟨γ2 ∥S ∪ S2 ⟩
(α ∈ {τ, ♡})
Figure 1: Reduction rules for Conf
We now make pConf ∶ Conf → Σ into a graph with testing.
Definition 2.9. For any ⟨γ∥S⟩, ⟨γ ′ ∥S ′ ⟩ ∈ Conf, let ⟨γ∥S⟩@⟨γ ′ ∥S ′ ⟩ denote ⟨γ∥S ∪ S ′ ⟩ if
γ = γ ′ and be undefined otherwise. Let furthermore γ = ⟨γ∥⟩.
Then @, as a partial map, is in particular a relation ob(Conf)2
ob(Conf), whose domain is obviously an equivalence relation. Being partially functional, it is trivially partially
functional up to weak bisimilarity. This shows:
Proposition 2.10. The graph pConf ∶ Conf → Σ over Σ with @ as testing relation forms a
graph with testing.
Definition 2.3 thus yields ∼Conf
which we take as our definition of fair testing equivalence
f
for π.
10
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Notation 2.11. Just as Pi , Conf extends to a functor set → Set by capture-avoiding
substitution. When γ ⊆ γ ′ , for any C ∈ Conf γ and C ′ ∈ Conf γ ′ , we sometimes implicitly
coerce C into Conf γ ′ (by action of the inclusion), so that C@C ′ is defined and denotes
C[γ ⊆ γ ′ ]@C ′ (in Conf γ ′ ).
3. A playground for π
3.1. The main double category. In this section, we define the base double category D
of our playground for the π-calculus. It is a sub-double category of a double category of
cospans on a presheaf category. We start by describing the base category over which we
take presheaves.
3.1.1. The base category. Consider the graph GC with as vertices
● a vertex ⋆,
● for any n ∈ N an object [n],
● for any n, m, i ∈ n, and j, k ∈ m, objects πnl , πnr , πn , νn , ♡n , ιn,i , om,j,k , τn,i,m,j,k , τn ,
and, for all n, m ∈ N,
● edges s1 , ..., sn ∶ ⋆ → [n],
● for all j, k ∈ n and v ∈ {τn , πnl , πnr , ♡n , on,j,k }, edges s, t∶ [n] → v,
t
s
● edges [n] Ð
→ νn ←
Ð [n + 1],
t
s
● for all i ∈ n, edges [n] Ð
→ ιn,i ←
Ð [n + 1]
l
r
● edges πnl Ð
→ πn ←
Ð πnr ,
ρ
● for all i ∈ n and j, k ∈ m, edges ιn,i Ð
→ τn,i,m,j,k ←
Ð om,j,k .
Let C be the free category on GC , modulo the relations
t ○ si = s ○ si (for any n, i ∈ n, and v ∈ {τn , πnl , πnr , ♡n , ιn,i , on,j,k , νn }),
l○t=r○t
ρ ○ t ○ si = ○ t ○ sj
ρ ○ s ○ sn+1 = ○ s ○ sk .
We equip the objects of C with a dimension: ⋆ has dim 0, any [n] has dim 1, all of
τn , πnl , πnr , ♡n , ιn,i , on,j,k , νn have dim 2, πn has dim 3, τn,i,m,j,k has dim 4.
Definition 3.1. We accordingly define the dimension of a presheaf X on C to be the lowest
d ∈ N such that for any c ∈ C of dimension strictly greater than d, X(c) = ∅.
A configuration is a finite presheaf in [Cop , set] of dimension at most 1. An interface
is one of dimension 0.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
[n + 1] [p] [p] [p + 1] [p] ∣ [p]
11
[p]
[p]
[m]
[m] c,d ∣ a,n+1 [n + 1]
πpl
πpr
om,c,d
ιn,a
♡p
τp
νp
πp
τn,a,m,c,d
[p]
[p]
[m]
[n]
[p] [p]
[p]
[p]
[m] c ∣ a [n]
Figure 2: Seeds
3.1.2. A double category of cospans. Consider the double category D0 with
● configurations as objects,
● horizontal morphisms X → Y given by all natural transformations h∶ X → Y ,
s
t
̂
● vertical morphisms X → Y given by cospans X Ð
→U ←
Ð Y in C,
● and double cells U → V given by commuting diagrams
k
X′
Y′
sU
sV
l
U
(3.1)
V
tU
tV
X
h
Y.
3.1.3. Actions and the main double category. We now restrict our double category to certain
morphisms representing π-calculus traces. We start by defining actions, and then traces as
vertical composites of actions. Actions are defined in two stages: first, seeds give their local
forms, they are then extended by embedding into larger configurations.
Notation 3.2. We denote by [m] a1 ,...,ap ∣ b1 ,...,bp [n] the configuration consisting of an m-ary
agent x and an n-ary agent y, quotiented by the equations x ⋅ sak = y ⋅ sbk for all k ∈ p. When
both lists are empty, by convention, m = n and x and y share all channels in order.
Definition 3.3. Let seeds denote the set of vertical morphisms described for all p, n, m,
a ∈ n, and c, d ∈ m in Figure 2, where lower legs are t’s and upper legs are s’s (resp. the
obvious copairings of si ’s).
s
t
The canonical interface of a seed Y Ð
→ M ←
Ð X is the interface IX containing all
channels common to Y, M , and X. Equivalently, it is X(⋆) ⋅ ⋆, the X(⋆)-fold coproduct of
the representable on ⋆. It obviously comes with a commuting diagram
IX
Y
M
X.
Definition 3.4. A map h is 1-injective if hc is injective in any dimension > 0.
An action is a cospan obtained by pushout of a seed M along any 1-injective map h,
as in
12
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Y
Y′
M
M′
IX
(3.2)
Z
X ′,
X
where the dashed arrows are obtained by universal property of pushout.
Definition 3.5. We call trace any cospan in [Cop , set] isomorphic (as an object of D0H ) to
some (finite, possibly empty) composite of actions. Let D denote the sub-double category
of D0 obtained by restricting
● vertical morphisms to traces,
● horizontal morphisms to 1-injective maps,
● double cells to diagrams (3.1) in which k, l, and h are 1-injective.
Proposition 3.6. D indeed forms a sub-double category of D0 , i.e., is stable under all
composition operations.
Proof. The only non-obvious point is that double cells in D are stable under vertical composition, and in particular that the middle component of the composite is 1-injective. This
follows from the next two lemmas.
Lemma 3.7. For any morphism (3.1) in D0H , if U and V are traces, then the upper square
is a pullback.
Proof. For any trace Y → P ← X, Y → P is mono, and we furthermore have Y (⋆) ≅ P (⋆),
plus, for all n, Y [n] consists of all elements of P [n] which are not in the image of (the
action of) any map in V0 .
Now, consider any double cell as in (3.1). By construction, the mediating arrow X ′ →
U ×V Y ′ is mono. To show that it is epi, we proceed pointwise. Over ⋆, the result follows
from the above observation. Over [n], if x ∈ (U ×V Y ′ )[n] then x ∈ U [n] and l(x) ∈ V [n]
is not in the image of (the action of) any t ∈ V0 . But if there existed y ∈ U (c) such that
y ⋅ t = x, then by naturality we would have l(y) ⋅ t = l(x), contradicting the latter.
Lemma 3.8. In sets, consider any cube
I
B
A
I′
C
B′
A′
f
C ′,
with the marked pushouts and pullback, and with all arrows mono except perhaps f . Then,
f is also mono and the front square is also a pullback.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
13
Proof. Any such cube is naturally isomorphic to some cube of the shape
n+q
n
n+m
injl
n+m+q
injl +k
n+h
n + n′
f =n+h+k
n + n′ + r
injl
n + n′ + p
n + n′ + p + r,
the only non-trivial point being that the map n + q → n + n′ + r has the given shape. But
that’s because we know that its pullback along n + n′ → n + n′ + r is injl , so the image of q
has to lie in r.
We mention in passing the useful
Corollary 3.9. Consider any cube
X
B
A
X′
C
B′
A′
f
C ′,
̂ in which all arrows except perhaps f are 1-injective, and the marked squares are
in C
pushouts, resp. pullbacks. Then f is also 1-injective.
Proof. We proceed pointwise. On any object C of dimension > 0, we obtain a diagram in
sets for which the lemma applies.
3.2. Codomain is a fibration. In this section, we prove that D satisfies the primary
axiom for playgrounds, namely that the codomain functor DH → Dh is a fibration. We
̂ from which we
proceed as follows. We first define a (strong) factorisation system on C,
1
0
derive an intermediate sub-double category D ↪ D ↪ D such that D1v contains traces.
By the properties of factorisation, the codomain functor D1H → D1h is a fibration. Finally,
DH → Dh being a fibration follows from the fact that cartesian liftings of any trace along any
morphism in Dh are in DH . We first check this for seeds. Next, using a covariant oplifting
construction, we check the desired property for actions. Finally, we extend the result to
arbitrary traces.
14
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
3.2.1. A factorisation system. Our main tool is the following (strong) factorisation system
̂ (see the definition right after Proposition 3.11 below). The idea is that all three
(V, H) on C
components of cartesian morphisms in DH are in H, while t-legs of vertical morphisms are
in V. The cartesian lifting of V in (3.1) along h∶ X → Y is then given by factoring tV ○ h as
l ○ tU with tU ∈ V and l ∈ H to obtain
k
X′
Y′
sU
sV
U
l
tU
(3.3)
V
tV
X
h
Y,
where the upper square is a pullback.
Our factorisation system is ‘cofibrantly generated’ as prescribed by Bousfield [6].
Definition 3.10. Let V0 denote the set of ‘t’-legs (i.e., lower legs) of seeds.
Bousfield then defines H = V–0 to be the class of maps f such that for any t ∈ V0 and
̂ → , there exists a unique filler h making the following
commuting square (u, v)∶ t → f in C
diagram commute:
X
u
X′
h
t
Y
f
′
v
Y .
In this situation, one says that f is right-orthogonal to t, and t is left-orthogonal to f , which
is denoted by t – f .
Bousfield finally defines V = – H to consist of all maps which are left-orthogonal to any
map in H. He then shows:
Proposition 3.11. The pair (V, H) forms a factorisation system.
What does that mean? Here is a modern definition:
Definition 3.12. The classes of maps V and H form a factorisation system iff V = – H,
V– = H, and any arrow factors as h ○ v with h ∈ H and v ∈ V.
̂ would admit a factorisation uses a transfinite
Bousfield’s proof that any map in C
construction (a so-called small object argument). But here we will only need factorisations
of particular morphisms, which we will actually be able to calculate by hand. Bousfield’s
results include:
Lemma 3.13. V is stable under pushout and composition, contains all isomorphisms, and
enjoys the right cancellation property, i.e., if v ∈ V and f v ∈ V, then f ∈ V.
H is stable under pullback and composition, contains all isomorphisms, and enjoys the
left cancellation property, i.e., if h ∈ H and hf ∈ H, then f ∈ H.
Remark 3.14. Stability under pushout is ambiguous here: we mean that for any pushout
X
v
Z
Y
v′
T,
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
15
if v ∈ V, then v ′ ∈ V. Stability under pullback is defined dually.
3.2.2. A first ‘fibred’ double category. We now make concrete the idea evoked in the previous
section, of using our factorisation system to obtain a codomain fibration. Consider the subs
t
double category D1 of D0 obtained by restricting vertical morphisms to cospans X Ð
→U ←
ÐY
with t ∈ V. Its vertical morphisms are stable under composition and contain identities by
Lemma 3.13, i.e.:
Lemma 3.15. D1 forms a sub-double category of D0 .
Lemma 3.16. Traces are vertical morphisms in D1 , i.e., we have D ↪ D1 .
Proof. By Lemma 3.13.
The main interest of introducing D1 is:
Lemma 3.17. The codomain functor cod∶ D1H → D1h is a fibration. Double cells as in (3.1)
for which l ∈ H and whose upper square is a pullback are cartesian.
Proof. We show that the lifting candidate computed in (3.3) is cartesian. Indeed, consider
any double cell (3.3), and any morphism from some vertical morphism Z ′ → W ← Z to V
whose bottom component factors through h∶ X → Y . By unique lifting in (V, H), we obtain
a unique dashed arrow making
Z
X
U
Y
W
V
commute. We finally obtain the desired arrow Z ′ → X ′ by universal property of pullback.
3.2.3. Codomain is a fibration. We finally prove that DH → Dh is a fibration. In fact, we
start by constructing covariant liftings, which we here call opliftings.
To compute the oplifting of Y → U ← X along h∶ X → X ′ , observe that, h being
1-injective, we can complete the solid part of
IX
⊆
X
Z
⊆
′
X
into a pushout, where IX = X(⋆) ⋅ ⋆ is the canonical interface of X. Indeed, we take
Z(⋆) = X ′ (⋆), Z[n] = X ′ [n] ∖ Im(h[n] ) for all n, and IX → Z is uniquely determined by h⋆ .
In passing, we have:
Lemma 3.18. This pushout is uniquely determined up to canonical isomorphism by h alone.
Then, we observe that, because U is a trace, IX → X → U factors through Y → U .
Hence, we may push the whole cospan along IX → Z as in
16
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Y
Y′
U
U′
IX
Z
X ′.
X
All horizontal maps are 1-injective by construction, and we have:
Lemma 3.19. The obtained cospan Y ′ → U ′ ← X ′ is a trace.
Proof. We start by showing that U ′ is an action if U is. So assume U is obtained by
pushing a seed Y0 → M0 ← X0 along some IX0 → Z0 . Then, Z0 → X is surjective on ⋆
because IX0 → X0 is and epis are stable under pushout. Thus, IX → X factors through
Z0 → X. Let Z ′′ denote the pushout
IX
Z0
Z
Z ′′ .
By the pushout lemma, Y ′ → U ′ ← X ′ is isomorphic to the cospan obtained by pushing
Y → U ← X along Z0 → Z ′′ . By the pushout lemma again, it is isomorphic to the cospan
obtained by pushing Y0 → M0 ← X0 along IX0 → Z0 → Z ′′ . Thus, it is indeed an action.
We now prove the general case by induction on U . This is trivial if U is isomorphic to
an identity. If now U is a composite Z
along h to obtain a double cell, say
Y
M
X
V
Y
h′
αM
h
M
X, then we compute the oplifting of M
Y′
M′
′
X,
by pushing M along some morphism IX → Z1 making
IX
X
Z1
h
X′
into a pushout.
The crucial insight is then that by computing the following pushout Z2 and applying
its universal property, we have a diagram
IX
IY
Y
(3.4)
Z1
Z2
Y
′
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
17
whose exterior is a pushout by construction. So by the pushout lemma the right-hand
square is again a pushout, which by Lemma 3.18 is the unique pushout along which to push
V to compute the oplifting of V along h′ , say
h′
Z
Z′
αV
V
Y
V′
′
Y .
h
By induction hypothesis, V ′ is again a trace. But by the pushout lemma again, αV is also
what we obtain by pushing V along the exterior rectangle of (3.4). A bunch of applications
of the pushout lemma finally yields that αM ● αV is the oplifting of M ● V along h, whose
horizontal codomain is thus a trace by construction.
Remark 3.20. Such opliftings are not opcartesian in general, and such opcartesian morphisms do not exist in general.
We now show that restrictions of seeds are traces.
h
t
Lemma 3.21. Consider any diagram X ′ Ð
→XÐ
→ M , where t ∈ V0 and h ∈ Dh (X ′ , X). Its
t′
h′
factorisation X ′ Ð
→ M ′ Ð→ M with t′ ∈ V and h′ ∈ H is such that h′ is 1-injective and the
obtained restriction is a trace of length at most 2. If X ′ is an individual, i.e., a configuration
of the shape [n], then t′ is a seed. If X ′ is an interface, then t′ is an iso.
Proof. We proceed by a stupid case analysis. In each case, one has to check that h′ is
1-injective, that X ′ individual implies t′ seed, that X ′ interface implies t′ iso, and that the
upper leg of the obtained cospan is as expected: this is routine so we mention it here once
and for all. If M = yc , for c not of the shape τn,i,m,j,k , then we have X = [n]. If idc ∈ Im(h),
then X ′ = [n] + I for some interface I (since h is 1-injective). Consider the diagram
M +I
[id,tk]
M
t+idI
t
[n] + I
h=[id,k]
[n].
The map t + idI is in V by Lemma 3.13, so we just have to prove that [id, tk] is in V–0 , which
is a simple verification.
If now idc ∉ Im(h), then X ′ is an interface, and the relevant factorisation is
X′
t○h
t
id
X
M
′
h
(3.5)
[n],
because t ○ h is easily checked to be in V–0 .
The case of τn,i,m,j,k is a bit more complicated. Here, t is actually t0 = [ρt, t]. First of
all, if X ′ is an interface, then we obtain a factorisation analogous to (3.5). Consider now
the case where Im(h) contains both agents of [n] i ∣ j [m]. Let x denote the n-ary one and y
denote the m-ary one (in X ′ ). If x ⋅ si = y ⋅ sj , then X ′ = ([n] i ∣ j [m]) + I for some interface
I and the required factorisation is easily seen to be
18
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
[id,t0 k]
τn,i,m,j,k + I
τn,i,m,j,k
t0
t0 +id I
([n] i ∣ j [m]) + I
[n] i ∣ j [m].
h=[id,k]
Consider now the case where X ′ still contains both agents but x ⋅ si ≠ y ⋅ sj . Then
X = [n] + [m] + I for some interface I, and the required factorisation is
′
[ρ,,t0 k]
ιn,i + om,j,k + I
τn,i,m,j,k
t0
t+t+id I
[n] + [m] + I
[n] i ∣ j [m].
[x,y,k]
The only non-trivial point here is to show that [ρ, , t0 k] is in V–0 , which easily reduces
to showing that there is no commuting square
[n] i ∣ j [m]
ιn,i + om,j,k + I
u
t0
[ρ,,t0 k]
τn,i,m,j,k
τn,i,m,j,k ,
v
which is true because there is no such u.
The cases where X ′ only contains one agent of [n] i ∣ j [m] are similar to the latter case:
if it contains x then the factorisation is through ιn,i , and otherwise it is through om,j,k .
We now scale the previous lemma from seeds to actions, for which we need the following
lemmas.
Definition 3.22. Let Agents(X) = ∑n∈N X[n] denote the set of agents of any configuration
X.
Lemma 3.23. For any seed Y → C ← X, the morphism
[x](n,x)
[n] ÐÐÐÐ→ X
∑
(n,x)∈Agents(X)
is epi.
Proof. This is trivial except in dimension 0. There, if C ≠ τn,i,m,j,k then X is representable
so the result is again trivial. If finally C = τn,i,m,j,k , then it’s easy.
Corollary 3.24. For all arrows as in
h
X
h′
U
t
C
g
U
f
′
̂ such that f is 1-injective, t ∈ V0 , and f h = gt = f h′ , we have h = h′ .
in C
Proof. We construct the diagram
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
19
he
∑(n,x)∈Agents(X) [n]
U
h′ e
e
h
X
U
h′
t
C
f
U ′,
g
and observe that h′ e = he by 1-injectivity of f , hence h = h′ because e is epi by Lemma 3.23.
Lemma 3.25. Opliftings of traces are cartesian.
f
Proof. Consider any oplifting U Ð
→ U ′ of Y → U ← X along, say X → X ′ . By Lemma 3.17,
it is enough to show that the middle arrow U → U ′ is in H and that its upper square is a
pullback. The latter follows from Lemma 3.7. So we just have to show that any square
u
Z
U
t
C
U′
v
with t ∈ V0 admits a unique lifting C → U . By the Yoneda lemma, v amounts to an element
of U ′ (C) of dimension > 1, but by construction U and U ′ have exactly the same such
elements. This yields a candidate lifting, say k, which makes the bottom triangle commute
by construction. The top one finally commutes by Corollary 3.24 with h = u and h′ = kt.
s
t′
t
Lemma 3.26. For any action Y Ð
→M ←
Ð X and h ∈ Dh (X ′ , X), the factorisation X ′ Ð
→
h′
P ′ Ð→ M of th with t′ ∈ V and h′ ∈ H is such that h′ is 1-injective and the obtained restriction
is a trace of length at most 2. If X ′ is an individual then it is either a seed or an iso; if X ′
is an interface then it is an iso.
Proof. Consider any action Y → M ← X obtained by pushing the following seed-withinterface along I → Z:
I
Y0
M0
X0 .
By Lemma 3.25, σ0 ∶ M0 → M is cartesian.
Consider the pullback of the left-hand square below along h∶ X ′ → X to obtain the
right-hand square:
I
Z
I′
Z′
(3.6)
X0
X
X0′
X ′,
which, because presheaf categories are adhesive [39] and I → X0 is mono, is again a pushout.
Furthermore, consider the pullback
20
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
X0′
X0
X′
X
in Dh . By Lemma 3.21, restricting M0 along X0′ → X0 yields a trace, say Y0′ → P0′ ← X0′ with
a morphism to Y0 → M0 ← X0 in DH . Since it is a trace, I ′ ↪ X0′ ↪ M0′ factors through
Y0′ ↪ M0′ . Pushing Y0′ → P0′ ← X0′ along I ′ → Z ′ via the injection I ′ ↪ X0′ , we obtain
(because the obtained configuration is X ′ by the pushout (3.6)) a trace Y ′ → P ′ ← X ′ with a
morphism from Y0′ → P0′ ← X0′ in DH , which is an oplifting, hence cartesian (by Lemma 3.25).
Then, by universal property of pushout we obtain a unique morphism f ∶ P ′ → M making
the front face of the following cube commute:
I′
Z′
P0′
P′
I
f
Z
M0
M.
By Corollary 3.9, f is 1-injective, which entails that the induced morphism of traces is in
DH .
We now need to show that P ′ → M is cartesian, which by Lemma 3.7 amounts to
showing that its middle arrow f ∶ P ′ → M is in H. To this end, consider any morphism
̂ → . First of all, because M0 → M is identity
t∶ Z ′′ → C in V0 and morphism (u, v)∶ t → f in C
in dimensions > 1, the morphism v uniquely factors through M0 → M . Furthermore, in
all cases where f0 ∶ P0′ → M0 is identity in dimensions > 1, the Yoneda lemma entails that
C → M0 uniquely factors through f0 , which yields a diagram
u
l
Z ′′
?
P0′
k
C
f0
M0
g
P′
f
M,
v
which commutes except perhaps for the upper part marked ‘?’. But the latter also commutes
by Corollary 3.24 with h = u and h′ = gl. We thus obtain a lifting which is unique by 1injectivity of f .
So when is f0 non-identity in dimensions > 1? By inspection of the proof of Lemma 3.21,
this is when M0 = τn,i,m,j,k for some n, m, i, j, k, and P0′ has one of the shapes ιn,i +J, om,j,k +J,
or ιn,i + om,j,k + J, for some interface J. In the first two cases, C ≠ τn,i,m,j,k because there
can be no u∶ [n] i ∣ j [m] → P ′ (one agent is missing in P ′ ), so the previous argument applies.
In the third case, letting x and y respectively denote the n- and m-ary initial agents in P0′
and a = x ⋅ si and a′ = y ⋅ sj the corresponding channels, one easily shows that g(a) ≠ g(a′ ),
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
21
so again there can be no u∶ [n] i ∣ j [m] → P ′ . Thus, C ≠ τn,i,m,j,k and the previous argument
again applies.
So far, we have shown that actions admitted cartesian liftings in DH . We now show
that it is also the case for arbitrary traces.
Lemma 3.27. In sets, for any commuting diagram
I
A
C
J
B
D
whose exterior rectangle is a pullback, with the marked pushout and monos, the right-hand
square is also a pullback.
Proof. We check the universal property of pullback for A, relative to 1, which is enough in
sets. So consider any commuting square
1
c
C
b
B
D.
First, we observe that there is at most one mediating arrow 1 → A, because A → B is mono.
If b does not have any antecedent in J, then because A + J → B is surjective, it has one
in A, say a. But then, because C → D is mono, a makes both required triangles commute
and we are done.
j
If b admits an antecedent in J, i.e., there exists j∶ 1 → B such that b is 1 Ð
→ J → B, then
we have a cone to C → D ← J, so we apply the universal property of pullback to obtain i
as in
1
c
i
j
I
A
C
J
B
D
b
i
making everything commute and so 1 Ð
→ I → A does the job.
Corollary 3.28. In sets, in any commuting cube
22
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
I
B
A
C
I′
B′
A′
f
C ′,
with the marked pushouts, pullback, and mono, the front square is also a pullback.
Proof. First, as monos are stable under pullback and pushout in sets, I → B, A → C, and
A′ → C ′ are also monos. Furthermore, pushouts along monos are also pullbacks, so the top
and bottom faces are also pullbacks. By the pullback lemma, the rectangle
I
I′
A′
B
B′
C′
is a pullback. The previous lemma thus entails the result.
Lemma 3.29. For any commuting diagram as the solid part of
V′
T
t
C
k
h
V
U′
f
U
with t ∈ V0 , h ∈ H, and f 1-injective, there is a unique lifting k as shown.
Proof. Because h ∈ H, there is a unique map from k ′ ∶ C → V ′ making both triangles commute. By composing k ′ with V ′ → U ′ , we obtain a lifting k for the desired square. Uniqueness follows from Corollary 3.24.
Lemma 3.30.
(P1) The codomain functor cod∶ DH → Dh is a subfibration of cod∶ D1H → D1h .
s
t
Proof. All that remains to prove that given any trace Y Ð
→U ←
Ð X and h ∈ Dh (X ′ , X), any
cartesian lifting in D1 lies in D, i.e., the obtained vertical morphism is again a trace and
the double cell to U lies in D (i.e., all its components are 1-injective).
We proceed by induction on U . If U is isomorphic to an identity, then the result is
obviously true. Otherwise, U = M ● V for some action M and trace V . Let us call Z the
final configuration of M . By Lemma 3.26, M admits a lifting P ′ along h, with a final
configuration Z ′ , and Z ′ → Z and fM ∶ P ′ → M are 1-injective. By induction hypothesis, V
admits a lifting V ′ along Z ′ → Z with a double cell to V in DH . Therefore, considering the
composite P ′ ● V ′ , we have a commuting diagram
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
Y′
Y
s′2
V
M ●V
Z
t′2
t2
s0
fM
P′
s2
t1
f
P′ ● V ′
Z′
s1
fV
V′
23
M
t0
X′
X,
where f is obtained by universal property of pushout.
Because pushouts along monos are also pullbacks in presheaf categories, both marked
pushouts are also pullbacks. Furthermore, by Lemma 3.7, Z ′ = P ′ ×M Z as shown. Also,
by Corollary 3.28, V ′ = (P ′ ● V ′ ) ×M ●V V as shown. Furthermore, by Corollary 3.9, f is
1-injective.
By Lemmas 3.17 and 3.7, we only need to show that f is in H, i.e., that it is rightt
orthogonal to any T Ð
→ C in V0 . Consider any commuting square
T
u
P′ ● V ′
f
t
C
v
M ● V.
Since M ● V is the coproduct of M and V in dimensions greater than 1 and C is a representable of dimension greater than 1, we have that v factors either through t2 or s2 .
If v factors through s2 , then by universal property of pullback we find a map u′ ∶ T → V ′
making
u
T
u′
P′ ● V ′
V′
t
C
V
s2
M ●V
v
commute. Then, by Lemma 3.29, we find a unique lifting as desired.
If v factors as t2 v ′ , then by Lemma 3.29, it is sufficient to show that there is a map
′
u ∶ T → P ′ making
24
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
u
T
u′
P′ ● V ′
P′
t
C
M
v′
M ●V
t2
v
x
commute. To that end, it is sufficient to show that for every [n] Ð
→ T , there is a map
fx
[n] Ð→ P ′ such that
[n]
x
T
(3.7)
fx
P′ ● V ′
P′
commutes. Indeed, if that is the case, then the square
∑(n,x)∈Agents(T ) [n]
[x](n,x)∈Agents(T )
T
[fx ](n,x)∈Agents(T )
P′ ● V ′
P′
also commutes, and since its top map is epi and its bottom map is mono, there is a unique
lifting u′ ∶ T → P ′ making both triangles commute. The square
T
u′
P′
t
C
M
v′
also commutes because it commutes when composed with t2 , which is mono.
fx
x
So we now need to show that for every [n] Ð
→ T , there is a map [n] Ð→ P ′ making the
square (3.7) commute. First of all, we notice that, since C is a seed, M an action, and T
and X are their respective initial configurations, there is a map T → X that makes
T
t
C
v′
X
M
commute.
[t′2 ,s′2 ]
ux
Because P ′ + V ′ ÐÐÐ→ P ′ ● V ′ is epi and [n] is a representable presheaf, [n] Ð→ P ′ ● V ′
factors through either t′2 or s′2 .
If it factors through s′2 , say as s′2 x′ , then we have
t2 (v ′ tx) = vtx = f ux = f s′2 x′ = s2 fV x′ ,
so by universal property of the pullback Z there exists a unique x′′ ∶ [n] → Z such that
s0 x′′ = v ′ tx and t1 x′′ = fV x′ . We thus obtain a commuting diagram
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
[n]
x′′
25
Z
x
T
t
C
v′
M,
which is impossible because Z is the final configuration of M .
Thus, ux factors through t′2 and we are done.
Remark 3.31. Restrictions of actions to individuals are either seeds or isos. Restrictions
of traces to interfaces are isos.
3.3. Towards the playground. In this section, we define additional structure on D to
make it into a candidate playground, and prove that it satisfies all the needed axioms but
two, which are treated in the next sections.
Remark 3.32. We make just one slight modification of the playground axioms, in not
imposing that the class B of basic actions be replete, i.e., closed under isomorphism in DH .
This does not change anything significant.
Definition 3.33. We recall from Lemma 3.21 that I, the set of individuals, consists of
representable configurations [n]. Let B, the set of basic seeds, consist of all seeds of shape
τn , πnr , πnl , νn , ♡n , ιn,i , or om,j,k . Full actions (notation F) are all actions obtained from seeds
of shape τn , πn , νn , ♡n , ιn,i , om,j,k , or τn,i,m,j,k . Closed-world actions (notation W) are those
actions obtained from seeds among τn , πn , νn , ♡n , τn,i,m,j,k . Finally, all decompositions of
any trace U into actions have the same length which we denote by ∣U ∣.
Lemma 3.34.
(P2) I, viewed as a subcategory of Dh , is discrete. Basic actions have no non-trivial
automorphisms in DH . Vertical identities on individuals have no non-trivial automorphisms.
(P3) (Individuality) Basic actions have individuals as both domain and codomain.
(P4) (Atomicity) For any cell α∶ U → U ′ , if ∣U ′ ∣ = 0 then also ∣U ∣ = 0.
X
X
Up to a special isomorphism in DH , all traces of length n > 0
U
αU
admit decompositions into n actions. For any U ∶ X Y of length
X
Y
¯
0, there is an isomorphism id ●X → U as on the right in DH .
U
(P5) (Fibration, continued) Restrictions of actions (resp. full actions) to individuals either are actions (resp. full actions), or have length 0.
Proof. (P2) and (P3) are easy. (P5) is also easy in view of Lemma 3.30 and its proof.
For (P4), any vertical X → U ← Y of length 0, being a trace, is isomorphic to an identity
≅
≅
cospan, say Z → Z ← Z. To construct αU , just take the composite id ●X Ð
→ id ●Z Ð
→ U.
The axiom for views is really easy. It actually becomes stronger because of Remark 3.32,
though this does not affect the rest of the construction:
Definition 3.35. Let B0 be the full subcategory of DH having as objects basic seeds and
vertical identities between individuals.
Lemma 3.36.
(P6) for any y∶ d → Y in Dh with d ∈ I, there exists a unique cell
26
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
d
v y,M
y,M
d
y
αy,M
yM
Y
M
X,
with v y,M ∈ B0 .
Proof. A straightforward case analysis.
Remark 3.37. The important result that Axiom (P6) entails [33, Proposition 4.24] says
that when we replace M with any trace u, we get a double cell αy,u which is only unique up
to isomorphism. Below, we still define views up to isomorphism, so our modified Axiom (P6)
does not make this any stronger.
Lemma 3.38.
(P9) For any X, I/X is finite, and there are, up to isomorphism in DH (X), only finitely
many actions with codomain X.
Proof. Easy.
Following [33], we state:
Definition 3.39. We recall that Agents(X) denotes the set ∑n X[n] of agents of any
X, let AgentsM (X ′ ) = {(d′ , x′ ) ∈
configuration X. Furthermore, for any action M ∶ X ′
′
Agents(X ′ ) ∣ ∣v x ,M ∣ ≠ 0}.
For any X, let [F]X be the set of isomorphism classes of full actions with codomain
X, in DH (X) (i.e., with identity vertical codomain). Similarly, let Bd denote the set of all
basic seeds with codomain d. Let then χ denote the map
[F]d → Pf (Bd )
M ↦ {B ∈ Bd ∣ ∃α ∈ DH (B, M )}.
The map χ is easily checked to be well-defined. The next axiom to check demands that
basic sub-actions of a full action [M ] ∈ [F]d may not be sub-actions of other full actions.
Lemma 3.40.
(P10) (Basic vs. full) For any d ∈ I and M, M ′ ∈ [F]d , if M ≠ M ′ , then χ(M ) ∩ χ(M ′ ) = ∅.
Proof. Straightforward.
The last lemma is straightforward, but observe that it is crucial here that [n] alone
cannot receive one of its already known channels. More precisely, let ιn,i,j be ιn,i , quotiented
by s ○ sn+1 = s ○ sj , for j ∈ n. Further let [n]/{i = j} denote [n] quotiented by si = sj . The
cospan
s
t
[n + 1]/{n + 1 = j} Ð
→ ιn,i,j ←
Ð [n]
is not an action. Hence, consider, e.g., the synchronisation on [n] i,l ∣ j,k [m] where [m] sends
k on j. Its restriction to the receiver is ιn,i , not ιn,i,l . That said, (P10) is only necessary for
parts of playground theory that we don’t use here, namely the adequation between innocent
strategies and the ‘process’ language derived from full actions in [33].
There only remain two axioms for playgrounds, called right and left decomposition,
respectively. These require the development of more machinery, which we undertake in the
next section.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
27
3.4. Correctness criterion. We prove a few properties of traces, which we then find are
sufficient for a cospan to be a trace.
Given a trace X ↪ U ↩ Y , we start by forgetting the cospan structure and exhibiting
some properties of U alone.
Ì f is an element of dimension > 1 which is not
Definition 3.41. A core of a presheaf U ∈ C
the image of any element of higher dimension.
Here is a first easy property of traces. Before the next definition, observe that for all
seeds Y ↪ M ↩ X, M is a representable presheaf.
Definition 3.42. A presheaf U is locally 1-injective iff for any seed Y ↪ M ↩ X with
interface I and core µ ∈ U (M ), if two elements of M are identified by the Yoneda morphism
µ∶ M → U , then they are in (the image of) I(⋆).
Proposition 3.43. Any trace U is locally 1-injective.
Proof. Choose a decomposition of U into actions; µ corresponds to precisely one such action,
say M ′ , obtained, by definition, from some seed M as a pushout (3.2). By construction
of pushouts in presheaf categories, M ′ is obtained from M by identifying some channels
according to I → Z.
Observe that, because local 1-injectivity only is about cores, an input which is part of
a synchronisation may receive an already known channel, even if its n + 1th channel is not
part of its interface — because it is not a core.
We now extract from any presheaf a graph, which represents its candidate causal structure. Let, for any presheaf U , el(U ) denote its category of elements.
Definition 3.44. In any U , the sources of a core µ are the agents x with a morphism, in
f ○s○f ′
el(U ), of the shape x ÐÐÐ→ µ to µ; its targets are the agents y with a morphism of the
f ○t○f ′
shape y ÐÐÐ→ µ.
Example 3.45. In the representable πn , there is one target, l ○ t (or equivalently r ○ t), and
two sources, s1 = l ○ s and s2 = r ○ s. Another example is τn,i,m,j,k , which has two targets,
○ t and ρ ○ t, and two sources.
Definition 3.46. For any presheaf U and core µ ∈ U (M ), we say that a ∈ Im(M (⋆)) is
created by µ iff M is either νn or ιn,i for some (n, i), and a is the image of s ○ sn+1 .
Given a presheaf U , we construct its causal (simple) graph GU as follows:
● its vertices are all channels, agents, and cores in U ;
● there are edges to each core from its sources and from each core to its targets, as in
source1
source2
core
target1
target2 ;
● there is an edge x → x ⋅ si for all x ∈ U [n] and i ∈ n;
● there is an edge a → µ for each channel a created by µ.
28
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Note that edges a → µ from a channel to an input action exist only if the involved
action is not part of a synchronisation; for in this case the synchronisation is a core, not
the input.
The obtained graph is actually a binary relation, since there is at most one edge between
any two vertices. It is also a colored graph, in the sense that it comes equipped with a
morphism to the graph L:
∞
1
0,
mapping cores to ∞, agents to 1, and channels to 0. (Observe in particular that there are
no edges from channels to agents or cores to channels.)
For any simple graph G, equipped with a morphism l∶ G → L, we call vertices of G
channels, agents, or cores, according to their label.
Definition 3.47. An agent x in U is final iff it is not the target of any action, i.e., for no
action µ ∈ U , x = µ ⋅ t. All channels are final.
Lemma 3.48. An agent is final in U iff it has no edge from any core in GU .
Definition 3.49. An agent is initial in U when it is not the source of any action, i.e., for
no action µ ∈ U , x = µ ⋅ s. A channel is initial when it is not created by any core.
Lemma 3.50. An agent is initial in U iff it has no edge to any core in GU .
Definition 3.51. Any G ∈ Gph/L is source-linear iff for any cores µ, µ′ , and other vertex
(necessarily an agent or a channel) x, µ ← x → µ′ in G, then µ = µ′ . G is target-linear iff
for any cores µ, µ′ and agent x, if µ → x ← µ′ in G, then µ = µ′ . G is linear iff it is both
source-linear and target-linear.
Proposition 3.52. For any trace Y
s
U
t
X, GU is linear.
Proof. Straightforward, by induction on any decomposition of U into actions, observing that
we glue along agents and channels which are initial on one side and final on the other.
Proposition 3.53. For any trace as above, GU is acyclic (in the directed sense).
Proof. By induction on any decomposition of U , similar to the previous proof.
Now, here is the expected characterisation:
Theorem 3.54. A cospan Y s U t X of finite presheaves is a trace iff
(1) U is locally 1-injective,
(2) X contains exactly the initial agents and channels in U ,
(3) Y contains exactly the final agents and channels in U ,
(4) and GU is linear and acyclic.
Of course, we have almost proved the ‘only if’ direction, and the rest is easy, so only
the ‘if’ direction remains to prove. The rest of this section is devoted to this. First, let
us familiarise ourselves with removing elements from a presheaf. For two morphisms of
f
g
presheaves U Ð
→V ←
Ð W , we denote by U ∖ W the topos-theoretic difference U ∩ ¬W of
(the images of) f and g in the lattice Sub(V ) of subobjects of V . This differs in general
from what we denote U − W , which is the set of elements in V which are in the image of U
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
29
but not that of W , i.e., ∑c∈C U (c) ∖ W (c). More generally, for any morphism of presheaves
f ∶ U → V and set W , let U − W = ∑c∈C Im(U (c)) ∖ W .
Remark 3.55. We observe that U − W is generally just a set, not a presheaf; i.e., its
elements are not necessarily stable under the action of morphisms in C. Consider for
example U = [1] ∣ [1] and let W ∶ [1] → [1] ∣ [1] denote the injection of the first agent into U .
Then U − W does not contain the unique channel of U , so the action of s1 on the second
agent steps outside U − W .
But there is one useful case where U − W is indeed a subpresheaf of U , as we show
below in Lemma 3.57.
Definition 3.56. For any seed Y ↪ M ↩ X, let the past past(M ) = M − Y of M be the
set of its elements not in the image of Y . For any such M , presheaf U , and core µ ∈ U (M ),
let past(µ) = Im(past(M )) consist of all images of past(M ).
To explain the statement a bit more, by Yoneda, we see µ as a map M → U , so we have
a set-function
past(M ) ↪ el(M ) → el(U ).
We observe that past(µ) is always a set of agents and actions only, since channels present
in X always are in Y too.
Given a core µ ∈ U , an important operation for us will consist of considering
U ) µ = ⋃{V ↪ U ∣ el(V ) ∩ past(µ) = ∅}.
U ) µ is thus the largest subpresheaf of U not containing any element of the past of µ. The
good property of this operation is:
Lemma 3.57. If µ is a maximal core in GU (i.e., there is no path to any further core) and
GU is target-linear, then (U ) µ)(c) = U (c) ∖ past(µ) for all c.
Proof. The direction (U ) µ)(c) ⊆ U (c) ∖ past(µ) is by definition of ). Conversely, it is
enough to show that c ↦ U (c) ∖ past(µ) forms a subpresheaf of U , i.e., that for any f ∶ c → c′
in C, and x ∈ U (c′ )∖past(µ), x⋅f ∉ past(µ). Assume on the contrary that x′ = x⋅f ∈ past(µ).
Then, of course f cannot be the identity. Furthermore, x′ is either an agent or an action;
so, up to pre-composition of f with a further morphism, we may assume that x′ is an agent
and µ → x′ in GU . But then, since f is non-identity, x must be an action, with x′ being
one of its sources or targets. Now, up to post-composition of f with a further morphism,
we may assume that x is a core. So, there is either an edge x → x′ or an edge x′ → x in GU .
However, x ≠ µ, so x → x′ is impossible by target-linearity of GU , and x′ → x is impossible
by maximality of µ.
Proof of Theorem 3.54. We proceed by induction on the number of actions in U . If it is
zero, then U is a configuration; by (2), t is an iso, and by (3) so is s, hence the cospan is a
trace. For the induction step, we first decompose U into
Y
s2
U′
t2
Z
s1
M′
t1
X,
and then show that M ′ is an action and U ′ satisfies the conditions of the theorem.
So, first, by acyclicity, pick a maximal core µ in GU , i.e., one with no path to any other
core. Let
30
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
I0
Y0
M0
X0
be the seed with interface corresponding to µ, so we have the Yoneda morphism M0 → U .
Let U ′ = (U ) µ), and X1 = X − Agents(X0 ). X1 is a subpresheaf of X, since it contains
all channels. The square
I0
X1
X0
X
is a pushout, since it just adds the missing agents to X1 . Define now Z, M ′ , s1 , and t1 by
the pushouts
Y0
Z
s1
M′
M0
I0
X1
X0
U
t1
X
and the induced arrows. We further obtain arrows to U by universal property of pushout.
We show that the arrow f ∶ M ′ → U is mono.
First, it is obviously mono in dimensions > 1. It is also mono in dimension 1, because
M ′ [n] = X[n] + Y0 [n] for all n, X → U is mono with image consisting only of initial agents,
which are thus dijoint from the image of Y0 . Finally, for dimension 0, i.e., at ⋆, the pushout
defining M ′ is isomorphic to
I0 (⋆) = X0 (⋆)
X1 (⋆) = X(⋆)
injl
injl
M0 (⋆) = X0 (⋆) + I
M ′ (⋆) = X(⋆) + I
where I = M0 (⋆) ∖ X0 (⋆) is the set of channels ‘created’ by the action. Consider any
a, b ∈ M ′ (⋆) such that a ≠ b. Because X → U is mono, if a, b ∈ X(⋆) then f (a) ≠ f (b).
By local 1-injectivity of U , if a, b ∈ I then f (a) ≠ f (b). Finally, if a ∈ X(⋆) and b ∈ I,
then we have an edge f (b) → µ in GU , whereas f (a) is initial by (2) (in the statement of
Theorem 3.54), so f (a) ≠ f (b). This entails that Z → U is a mono, because s1 is a pushout
of the mono Y0 → M0 .
By (1) and Lemma 3.57, U = M ′ ∪ U ′ , i.e., the square
Z
U′
M′
U
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
31
is a pushout, so U is indeed a composite as claimed, with Z ↪ M ′ ↩ X an action by
construction. So, it remains to prove that Y ↪ U ′ ↩ Z satisfies the conditions. First, as
a subpresheaf of U , U ′ is locally 1-injective and has a linear and acyclic causal graph, so
satisfies (1) and (4). U ′ furthermore satisfies (2) by construction of Z and source-linearity
of GU , and (3) because removing past(µ) cannot make any non-final agent final.
3.5. A playground.
Theorem 3.58. D forms a playground.
This is proved by Lemmas 3.59 and 3.60 below.
Lemma 3.59.
(P8) Any double cell as in the center below, where B is a basic action and M is an action,
decomposes in exactly one of the forms on the left and right:
A
X
α1
U
C
h
A
Y
Z
D
X
α1
Y
B
D
A
V
C
α2
X
α
C
Y
M
k
α2
Z
D
Z.
̂ let its neighbourhood consist of
Proof. For any element a ovec c ∈ C of any presheaf F ∈ C,
all elements in the image of a∶ c → F .
Let b ∈ B and m ∈ M be the unique cores of B and M , respectively. Let Vm be the
neighbourhood of m in M ● V .
If α(b) ∈ Vm , we show that the whole of U is mapped to V , and we are in the left-hand
case. It is clear for channels. If there exists an element x of U of dimension ≥ 1 mapped to
y in M ∖ V , i.e., M ∖ Y , then we obtain a path x → x′ to an agent x′ of C, in GB●U . Via α,
this yields a path M ∖ Y → Y in GM ●V between elements of dimension ≥ 1, a contradiction.
If now α(b) ∉ Vm , we show similarly that the whole of B ● U is mapped to V , because
the contrary would imply the existence of a path M ∖ Y → V ∖ Y in GM ●V , which also is a
contradiction. Hence, we are in the right-hand case.
Lemma 3.60.
(P7) Any double cell
h
A
X
α
decomposes as
Y
U
k
l
C
α2
Proof. We first treat the case where W2 is an action M .
B
Y
W2
U2
Z
with α3 an isomorphism, in an essentially unique way.
W1
U1
W2
B
X
α1
α3
W1
U
h
A
k
Z
32
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
A
fs
X
U1
f1
W1
C
Y
f
U
U2
B
W
M
f2
Z,
ft
Figure 3: Proof of Lemma 3.60
Definition 3.61. Let, first, for any action x ∈ el(U ), the core associated to x core(x) be
the unique core µ ∈ el(U ) for which there exists f in C such that µ ⋅ f = x. If x is an agent
or a channel, then by definition core(x) = x.
Let U1 = U ×W W1 and let A → U1 denote the induced arrow. By construction, all of
A → U1 → U are monos and, by Lemma 3.7 and the pullback lemma, A = U1 ×W1 X.
Furthermore, consider any channel or agent x ∈ el(U1 ). If x′ = f1 (x) is not initial in
W1 , then by Theorem 3.54 we have an edge x′ → µ′ for some core µ′ of W1 . But, since f is
a morphism between traces, it preserves initiality, so x cannot be initial in U , hence we find
x → µ in GU . By source linearity of GW , core(f (µ)) = µ′ , so we find a action m′ ∈ W with
antecedents both in U and W , which entails that x is not initial in GU1 . Thus, f1 ∶ U1 → W1
preserves initiality of channels and agents.
Let now C ↪ U1 denote the subpresheaf of U1 consisting of initial channels and agents
(a subpresheaf because if x is an initial, n-ary agent, then x ⋅ si is an initial channel for any
i ∈ n). Since f1 preserves initiality, C → U1 → W1 factors through Y → W1 , uniquely since
the latter is mono, say as
C
U1
fm
f1
Y
W1 .
By construction and Theorem 3.54, A → U1 ← C is a trace and (fs , f1 , fm ) defines a
morphism to X → W1 ← Y .
Let then U2 ↪ U denote the subpresheaf of U consisting of elements below C in GU ,
i.e.,
x ∈ U2 ⇔ ∃c ∈ C.c →⋆ GU x.
A first observation is that all initial channels and agents of U are in U2 . Indeed,
consider any such initial x. Let S denote the set of all y ∈ U for which there is a path
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
33
y →⋆ GU x. By finiteness of GU and Theorem 3.54, this intersects A, hence U1 , hence C (by
source-linearity), so we find a path c →⋆ x for some c ∈ C, as desired.
Now, because U2 → U and M → W are monos, showing that all elements x of U2 map
to M will imply that U2 → U → W uniquely factors through M → W . Let us do this by
case analysis:
● If x is not a channel, then f preserves paths from agents to x, so we find some path
y →⋆ GW core(f (x)) with y ∈ Y , which implies that f (x) ∈ M (f (x) ∈ W1 − M would
contradict initiality of Y in W1 ).
● If x is some channel initial in U , then since f preserves initiality x is mapped to Z
hence to M .
● If finally x is some non-initial channel, then x → µ for some core µ ∈ U . Now µ ∈ U2 ,
as witnessed by the path c →⋆ x → µ. But then x = µ ⋅ u for some morphism u of C,
so since by the above f (µ) ∈ M , we have that f (x) = f (µ) ⋅ u is in M too, as desired.
This shows that we have a commuting square
U2
U
f2
f
M
W.
Finally, since all initial elements of U are in U2 by construction, B → U factors through
U2 → U , and we get a diagram as in Figure 3, which commutes thanks to all arrows in the
right-hand square being mono.
By Theorem 3.54, C → U2 ← B is a trace, and U = U2 ● U1 , which shows existence of
the desired decomposition.
For any decomposition as in Figure 3, we have C = U2 ×M Y by Lemma 3.7, so by
Corollary 3.28, we also have U1 = U ×W W1 . Thus, U1 is uniquely determined up to canonical
isomorphism. But by Theorem 3.54, C → U1 is so too, as the subobject of initial agents and
channels. But then U2 precisely consists of elements below C. Indeed, by finiteness of GU2
and (3) in Theorem 3.54, all of U2 clearly lies below C. Conversely, any x ∉ U2 is in U1 − U2
so by finiteness of GU1 and (3) in Theorem 3.54, we have a path x →+ c to some c ∈ C which
so x cannot lie below C. Our decomposition is thus unique up to canonical isomorphism.
4. A sheaf model
In this section, we briefly sketch the construction of the category SX of innocent strategies
over any configuration X [33], as well as its relation to the category TÍ
X of (plain) strategies. This goes by first constructing the category TX of traces over X and its subcategory
VX of views. Plain strategies over X are then presheaves on traces. We then introduce
behaviours, which are presheaves on views. Innocent strategies are then sheaves over traces,
for the Grothendieck topology induced by the inclusion iX ∶ VX ↪ TX . For such a simple
topology, sheaves are precisely the essential image of the well-known right extension functor
op
op
[Vop
X , set] → [TX , set], right adjoint to restriction along iX . We thus obtain that behaviours
are equivalent to innocent strategies, themselves a reflective subcategory of plain strategies.
We then define semantic fair testing equivalence ∼f . Finally, we construct a graph with
testing S based on (definite) innocent strategies and show that the induced fair testing
equivalence ∼Sf in the sense of Definition 2.3 coincides with ∼f .
34
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
4.1. Traces and views. Everything in this section and the next is a mere summary
of some material from [33] (with updated notation). We thus do not provide proofs.
Our category of traces should in particular have traces over X as obY′
jects. As a first approximation for the latter, we may thus define the
w
category T(X) of global traces over X to have traces to X as objects,
≅
Y α
u′
and morphisms u → u′ given by diagrams as on the right. Composition
is of course given by pasting in D. Strictly speaking, this is however not
u
X
a category, because composition is not associative on the nose. So we consider morphisms
(w, α) and (w′ , α′ ) equivalent when there is an isomorphism γ∶ w → w′ in DH with identity
vertical domain and codomain, making the obvious diagram commute, i.e., α′ ○ (u ● γ) = α.
Upon quotienting, we get:
Proposition 4.1. T(X) forms a category.
However, in order to accomodate views as particular traces, we also want to include as
objects traces over some subconfiguration of X. Furthermore, because the same configuration may embed in several ways into X, such objects should come equipped with their
Y in Dv , together with a map
embedding. Thus, objects of TX are pairs of a trace u∶ Z
h∶ Y → X in Dh .
For morphisms, we would like to account both for ‘spatial’ embedding,
i.e., morphisms in DH , and for ‘temporal’ embedding, as in T(X) above.
s
T
Z′
We thus take as morphisms (u, h) → (u′ , h′ ) all commuting diagrams as w
α
on the right. However, as for T(X), we need some quotienting. Namely,
Z
u′
′
′
(w, α) and (w , α ) are considered equivalent as soon as there exists some u
r
Y
Y′
morphism γ∶ w → w′ in DH (Z), making the obvious diagram commute,
h X h′
i.e., α′ ○ (u ● γ) = α. (This is not directly an equivalence relation, so we
have to consider the freely generated such.) We obtain:
Proposition 4.2. TX forms a category.
Finally, views are traces which will serve the purpose of following just one agent through
some potentially larger traces.
Definition 4.3. A seed is basic iff its domain is representable, i.e., is [n] for some n. A
view is any vertical morphism isomorphic to some vertical composite of basic seeds. Let
VX denote the full subcategory of TX spanning views. Let iX denote the inclusion.
4.2. Innocent strategies.
Í
Definition 4.4. We call TÍ
X the category of strategies over X, and VX the category of
behaviours over X.
As explained in [33], restriction and right extension along iop
X yield an adjunction
TÍ
X
[iop
X ,set]
–
Í
V
X.
raniop
X
The right adjoint raniop is furthermore full and faithful because iX is.
X
One may further show that iX induces a Grothendieck topology on TX , according to
which a family of morphisms to some object (u, h) covers it iff it contains all morphisms
from some view to (u, h).
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
35
Definition 4.5. Let SX = Sh(TX ) denote the category of sheaves on TX , which we’ll here
call innocent strategies.
Í
Proposition 4.6. The embedding ran op induces an equivalence of categories V
X ≃ SX .
iX
Í
The assignment X ↦ V
X is further studied in [33], and extended to a pseudo double
op
functor D → QCat, where QCat denotes Ehresmann’s double category of quintets over Cat.
We’ll here only need the vertical and horizontal actions separately. Let us briefly explain
how this works.
Í
First, the action of a horizontal morphism k∶ X ′ → X on a behaviour B ∈ V
X yields the
behaviour B ⋅ k such that for all (v, h) ∈ VX ′ , (B ⋅ k)(v, h) = B(v, k ○ h).
Vertical action is a bit harder. The easiest way to get to it is perhaps to realise that
there is a very simple syntax for behaviours on representables. Indeed, consider any n and
Î
behaviour B ∈ V
[n] . B is a coproduct B = ∑i∈γ Bi of definite behaviours, i.e., ones with a
single initial state. Here, γ is of course B(id ●[n] , id [n] ). Now each term Bi of the above sum
is determined up to isomorphism by giving for any basic seed b∶ [nb ]
[n], its residual Bi ⋅b
along b, which is the unique behaviour B ′ on [nb ] such that B ′ (v, id [nb ] ) = Bi (b ● v, id [n] )
for all views v∶ [n′ ]
[nb ]. (This rests on the fact that there is exactly one agent in [n],
namely (n, id [n] ).) Each B ⋅ b may in turn be characterised in this way. We thus pose:
Definition 4.7. Let behaviour-terms and definite behaviour-terms respectively denote infinite terms generated by the judgements ⊢ and ⊢D of the grammar in Figure 4.
...
n ⊢D Ek
...
(∀k ∈ γ)
nb ⊢ Tb
...
n ⊢ ⊕k∈γ Ek
...
(∀(b∶ nb
n ⊢D ⟨Tb ⟩b∈Bn
n) ∈ Bn )
⋅
Figure 4: Syntax for behaviours
The intuition is that the first judgement ⊢ describes behaviours and that ⊢D describes
definite behaviours, i.e., those B’s whose initial set of states B(id ●[n] ) is equal to the finite
ordinal 1. In order to precisely state the sense in which such terms correspond to behaviours,
we consider the relations ↔ and ↔D defined by mutual coinduction by the rules in Figure 5,
where the point is that the coproduct ∑i∈γ Di is only defined up to canonical isomorphism.
Both relations are easily seen to be total and cototal but neither of them is functional or
...
(n ⊢ Ei ) ↔D (n ⊢ Di )
...
(∀i ∈ γ)
(n ⊢ ⊕i∈γ Ei ) ↔ (n ⊢ ∑ Di )
i∈γ
...
(nb ⊢ Tb ) ↔ (nb ⊢ Bb )
...
(∀(b∶ nb
n) ∈ Bn )
⟨(Tb )b ⟩ ↔D ⟨(Bb )b ⟩
Figure 5: Correspondence between terms and behaviours
injective. They are still sensible, as witnessed by
Lemma 4.8. If any (resp. definite) behaviour-term is related to two (resp. definite) behaviours B1 and B2 , then B1 ≅ B2 .
36
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Proof. We prove both statements by mutual coinduction on the proofs of T ↔ B1 and
T ↔ B2 (resp. E ↔D D1 and E ↔D D2 ).
If we are given proofs of E ↔ D1 and E ↔ D2 , then because E is a definite behaviourterm, the last applied inference rule is the second in both cases, so E = ⟨(Tb )b ⟩, D1 = ⟨(Bb1 )b ⟩
and D2 = ⟨(Bb2 )b ⟩. By coinduction hypothesis, we obtain, an isomorphism Bb1 ≅ Bb2 for all
b, which trivially induces an isomorphism D1 ≅ D2 .
If we are given proofs of T ↔ B1 and T ↔ B2 , then because T is a behaviour-term,
the last applied inference rule is the first in both cases, so T = ⊕i∈γ Ei , B1 = ∑j∈γ1 Dj1 ,
B2 = ∑k∈γ2 Dk2 , for some γ, γ1 , γ2 . But by hypothesis, B1 is also a coproduct ∑i∈γ Bi′ ,
which by coinduction hypothesis and universal property of coproduct yields an isomorphism
h1 ∶ γ → γ1 and a family of isomorphisms h1i ∶ Bi′ −∼ Bh11 (i) . Similarly, we get an isomorphism
h2 ∶ γ → γ2 and a family of isomorphisms h2i ∶ Bi′ −∼ Bh22 (i) . Composing these, we obtain an
isomorphism γ1 ≅ γ2 and isomorphisms Bh11 (i) ≅ Bh22 (i) , hence B1 ≅ B2 , as desired.
In conclusion, all (definite) behaviours over individuals are uniquely described up to
isomorphism by (definite) behaviour-terms. On non-representable configurations, we have:
Í
Î
Proposition 4.9. The functor V
X ≅ ∏n,x∶[n]→X V[n] given at (n, x) by spatial action along
x, i.e., B ↦ B ⋅ x, is an isomorphism.
Notation 4.10. If (Bx )x∶[n]→X is a family of behaviours indexed by the agents of X, we
denote its unique antecedent by [Bx ]x∶[n]→X .
Remark 4.11. In fact, one shows that, e.g., the indexed family X ↦ DX of definite behaviours over X is the final coalgebra for the functor mapping any ob(Dh )-indexed family
U to
⋆
∏
∏ (U[nb ] ) .
n∈N,x∶[n]→X
b∶[nb ]→[n]
Notation 4.12. We use ⋅ for denoting both horizontal and vertical action. There should be
no ambiguity since we use different letters to range over horizontal (h, k, x, y, . . .) and vertical
(v, w, u, . . .) morphisms. E.g., for any D ∈ DX , x∶ [n] → X, and b∶ [nb ] → [n], D ⋅ x ∈ D[n]
denotes the corresponding definite strategy over [n], and D⋅x⋅b is the corresponding element
Sb of D[nb ] .
Furthermore, if S = ∑k∈γ Dk , let ∣S∣ = γ and, for any k ∈ γ, S∣k = Dk .
4.3. Semantic fair testing. Using tools developed in the previous sections, we now define
the semantic analogue of fair testing equivalence.
Closed-world actions are those which do not involve interaction with the environment,
i.e., formally, pushouts of some seed of the shape τn , νn ,♡n ,πn , or τn,i,m,j . A trace is closedj
T(X) denote the full
world when it is a composite of closed-world actions. Let W(X)
subcategory consisting of closed-world traces, and let the category of closed-world strategies
op
Ð Further, denote by B ↦ B the composite functor V
Ð [j ,set] Ð
Í
be W(X).
X → T(X) ÐÐÐÐ→ W(X).
A closed-world trace is successful when it contains a ♡ action, and unsuccessful othÏ over a closed-world trace W ∶ Z ′
erwise. A state σ ∈ S(W ) of a strategy S ∈ T(Z)
Z is
successful when W is, and unsuccessful otherwise. Let then ⊥ Z denote the set of closedÐ such that any unsuccessful, closed-world state admits a successful
world strategies S ∈ W(Z)
extension. Formally:
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
37
Definition 4.13. S ∈ ⊥ Z iff for all closed-world, unsuccessful W ∈ W(Z) and σ ∈ S(W ),
there exists a successful W ′ ∈ W(Z), u∶ W → W ′ , and σ ′ ∈ S(W ′ ) such that σ ′ ⋅ u = σ.
Finally, in order to compare behaviours for semantic fair testing equivalence, we specify
Í
what a test for a given behaviour B ∈ V
X is. A test consists of a configuration Y a behaviour
Í
T ∈ VY . The behaviour B then should pass the test (Y, T ) iff X(⋆) = Y (⋆) and [B, T ] ∈ ⊥ Z ,
where Z is any pushout X +X(⋆)⋅⋆ Y . Intuitively, X and Y share the same set of channels,
and Z is just their gluing along that set (X and Y form two disjoint teams on Z). At last,
′ Î
Í
we define semantic fair testing equivalence, for any B ∈ V
X and B ∈ VX ′ :
Definition 4.14. Let B ∼f B ′ iff B and B ′ should pass the same tests.
5. Intensional full abstraction
5.1. Ltss for strategies. We now work towards taming the previous semantic definition,
characterising it as fair testing equivalence on an ad hoc graph with testing. In [33], an
lts is constructed for definite behaviours, with quasi-actions as an alphabet, i.e., the graph
with configurations as objects, and as edges all traces whose restrictions to agents have
length ≤ 1. Formally, u∶ Y
X is a quasi-action iff for all agents x∶ [n] → X, the restriction
u∣x has length ≤ 1. Such a quasi-action is full iff for all agents, u∣x is full, i.e., is different
from πnl and πnr .
Definition 5.1. Let Q denote the graph of full quasi-actions.
Notation 5.2. W was defined as the class of closed-world actions. It generates by composition a subbicategory of Dv , say DW
v . Furthermore, we observe that the graph morphism
W → Σ extends to a pseudo functor pW ∶ DW
v → fc(Σ), which essentially counts the number
of ticks.
The lts that we use here differs slightly from that of [33], in that it is ‘proof-relevant’.
This means that edges say how the considered strategy performs the given quasi-action.
The obtained morphism to Q is strongly bisimilar to that of [33], but counting edges in this
way enables Lemma 5.10 below.
Definition 5.3. The graph SD underlying the lts of definite behaviours has as objects
all pairs (X, D) with D ∈ DX , and as edges (X, D) ← (Y, E) all quasi-actions M ∶ Y
X
equipped with a family of states iy ∈ ∣D ⋅ M ⋅ y∣ indexed by all agents y∶ [ny ] → Y , satisfying
E ⋅ y = (D ⋅ M ⋅ y)∣iy
for all y.
The morphism pD ∶ SD → Q maps (X, D) to X and M to itself.
We’ll here only need the following closed-world restriction of SD :
Definition 5.4. Let S denote the identity-on-objects subgraph of SD with edges restricted
to closed world actions.
M
Moreover, let pS ∶ S → Σ denote the map sending (X, D) ←Ð (X ′ , D′ ) to the ♡ edge in
Σ if M is a tick action and to τ otherwise.
Definition 5.5. We now define the relation ∣S by (Z, S) ∈ ((X1 , S1 ) ∣S (X2 , S2 )) iff X1 (⋆) =
X2 (⋆) and there is a pushout square
38
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
X1 (⋆) ⋅ ⋆
X2
injr
X1
injl
Z
such that S1 = S ⋅ injl and S2 = S ⋅ injr .
Proposition 5.6. S, pS and ∣S form a graph with testing.
We have:
Lemma 5.7. For any definite strategy S ∈ SX , we have S ∈ ⊥ X iff S ∈ –S .
The proof of this requires some preliminary work. Consider any closed-world trace
X. Recall from [33] that we have a map
W ∶ X′
ψW ∶ S(W ) →
∏
∣S ⋅ W ⋅ x′ ∣.
x′ ∶[nx′ ]→X ′
This map is constructed by first recalling that the domain is an end:
S(W ) ≅ ∫
S(v, x)TX ((v,x),(W,id X )) .
(v,x)∈VX
Furthermore, the codomain is
∣S(v x ,W , (x′ )W )∣,
′
∏
x′ ∶[nx′ ]→X ′
where v
as in
x′ ,W
denotes the view of x′ in W , and (x′ )W denotes the corresponding agent in X,
[nx′ ]
vx
′ ,W
x′
′
αx ,W
x′ ,W
d
(x′ )W
X′
W
X.
So ψW (σ) is defined at x′ to be
σ(v x ,W , (x′ )W )(id ●[nx′ ] , αx ,W ).
′
′
The proof of [33, Proposition 5.23] actually applies to show:
Lemma 5.8. If W is a quasi-action, then ψW is bijective.
Let C denote the category with ob(C) = ob(S), and with C((X ′ , S ′ ), (X, S)) the set
of pairs (W, σ) of a closed-world trace W ∶ X ′
X and state σ ∈ S(W ) such that (S ⋅
′
′
′′
′
′′
W )∣ψW (σ) = S . Given W ∶ X
X , S ∈ SX ′′ , and σ ′ ∈ S ′ (W ′ ), composition is defined by
(W ′ , σ ′ ) ○ (W, σ) = (W ● W ′ , σ ′ ), where is viewed as an element of S(W ● W ′ ) via
S ′ (W ′ ) = (S ⋅ W )∣ψ(σ) (W ′ )
(W ′ ,id)
≅ {σ ′ ∈ S(W ● W ′ ) ∣ σ ′ ⋅ (W ÐÐÐÐ→ W ● W ′ ) = σ}.
Proposition 5.9. C forms a category, and the obvious projection pC ∶ C → DW
v satisfies the
W
W
Conduch´e condition, i.e., for all X ′′ 2 X ′ 1 X, any morphism (W1 ●W2 , σ)∶ (X ′′ , S ′′ ) →
(X, S) admits a unique factorisation into (W2 , σ2 ) ○ (W1 , σ1 ).
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
39
Proof. Consider any S ∈ SX and σ ∈ S(W1 ●W2 ). Consider the morphism u∶ W1 → (W1 ●W2 )
given by (W2 , id ), and let σ1 = σ ⋅ u ∈ S(W1 ). Let S1 = (S ⋅ W1 )∣ψW1 (σ1 ) . We have σ ∈ {σ ′ ∈
S(W1 ● W2 ) ∣ σ ′ ⋅ u = σ1 }, hence σ ∈ S1 (W2 ), and hence two morphisms
(W1 ,σ1 )
(W2 ,σ)
(X, S) ←ÐÐÐÐ (X ′ , S1 ) ←ÐÐÐÐ (X ′′ , S ′′ )
as desired.
This shows that for any path p, say
p1
p2
X = X0 ←Ð X1 ←Ð . . . Xn = X ′ ,
(5.1)
in W and morphism (P, σ)∶ (X , S ) → (X, S) in C over its composition P = (p1 ● . . . ● pn ),
there is a unique path e in C (viewing C as a reflexive graph) such that (pC )⋆ (e) = p. But by
X is a closed-world action (i.e., has length 1), then for all S and
construction, if W ∶ X ′
S ′ both fibres of C((X ′ , S ′ ), (X, S)) and S(X ′ , S ′ ), (X, S) over W are equal. This entails:
′
′
Lemma 5.10. The square
S⋆
(pS )⋆
(W)⋆
C
pC
DW
v
is a pullback.
Corollary 5.11. For all closed-world paths as in (5.1), S ∈ SX , and S ′ ∈ SX ′ , we have
((pS )⋆(X ′ ,S ′ ),(X,S) )−1 (p) ≅ (pC(X ′ ,S ′ ),(X,S) )−1 (P ),
where P = (p1 ● . . . ● pn ) and we denote by pA,B ∶ G(A, B) → H(p(A), p(B)) the component
of p∶ G → H at A and B.
A further corollary is about the projection functor pW ∶ DW
v → fc(Σ) (notation 5.2)
w
Corollary 5.12. For all S ∈ SX , S ′ ∈ SX ′ , and w ∈ Σ⋆ (⋆, ⋆), we have (X, S) ⇐
Ô (X ′ , S ′ ) iff
′
W
′
′
W
̃ and (W, σ) ∈ C((X , S ), (X, S)).
there exists W ∶ X
X in Dv such that p (W ) = w
We are almost in position to prove Lemma 5.7. Let us just state:
Lemma 5.13. We have S ∈ ⊥ X iff for all (W, σ)∶ (X ′ , S ′ ) → (X, S) in C such that pW (W ) =
id ⋆ there exists (W ′ , σ ′ )∶ (X ′′ , S ′′ ) → (X ′ , S ′ ) such that pW (W ′ ) = ♡.
Proof. Straightforward from the correspondence
{σ ′′ ∈ S(W ● W ′ ) ∣ σ ′′ ⋅ u = σ} ≅ S ′ (W ′ ),
where u∶ W → (W ● W ′ ) is (W ′ , id ).
Proof of Lemma 5.7. We use the characterisation of ⊥ X given in the previous lemma. Let
S ∈ SX and assume S ∈ ⊥ X . Let S ⇐ S ′ (over Σ). Then, by Lemma 5.12 there exists (W, σ) ∈ C((X ′ , S ′ ), (X, S)) such that pW (W ) = id . Because S ∈ ⊥ X , there exists
(W ′ , σ ′ )∶ (X ′′ , S ′′ ) → (X ′ , S ′ ) such that pW (W ′ ) = ♡. By Lemma 5.12 again, this yields
♡
(X ′ , S ′ ) ⇐
Ô (X ′′ , S ′′ ).
Conversely, assume (X, S) ∈ – and consider (W, σ)∶ (X ′ , S ′ ) → (X, S) in C such that
W
p (W ) = id . Then by Lemma 5.12 we get (X, S) ⇐
Ô (X ′ , S ′ ). But (X, S) ∈ – yields
♡
(X ′ , S ′ ) ⇐
Ô (X ′′ , S ′′ ), so by Lemma 5.12 again we get (W ′ , σ ′ )∶ (X ′′ , S ′′ ) → (X ′ , S ′ ) such
that pW (W ′ ) = ♡, as desired.
40
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
5.2. A further lts for strategies. In the previous section, we have characterised semantic
fair testing equivalence using the lts S. We now define a further lts, M, which will help
us to bridge the gap between strategies and π-calculus configurations. Indeed, we define a
surjective morphism m∶ S → M over Σ, and we then prove that m is fully abstract for fair
testing equivalence.
Definition 5.14. Let the set M0 of mixed strategies be
n ⊙
∑ ( ∑ D[n] × γ ) .
γ∈Pf (N) n∈N
Notation 5.15. We use the same notation as for configurations, i.e., we denote
(γ, [(n1 , D1 , σ1 ), . . . , (np , Dp , σp )])
by
⟨γ∥D1 [σ1 ], . . . , Dp [σp ]⟩.
Let m∶ ob(S) → M0 map any (X, D) to the mixed strategy
⟨γ∥[(D ⋅ x)[σx ] ∣ (n, x) ∈ Agents(X)]⟩,
[⌜x⋅si ⌝]i∈n
where σx is the map n ÐÐÐÐÐ→ X(⋆).
Proposition 5.16. Consider any x, x′ , y, y ′ ∈ ob(S) such that m(x) = m(x′ ) and m(y) =
m(y ′ ). Then we have S(y, x) ≅ S(y ′ , x′ ) over Σ.
Proof. Let x = (X, D), x′ = (X ′ , D′ ), y = (Y, E), y ′ = (Y ′ , E ′ ). Under the given hypotheses,
we may construct isomorphisms h∶ X −∼ X ′ and k∶ Y −∼ Y ′ such that D′ ⋅h = D and E ′ ⋅k = E.
M′
M
It is then easy to see that x ←Ð y iff x′ ←Ð y ′ , for all full quasi-actions M , with the obvious
M ′ and isomorphism α in
Y
M
X
k
α
h
Y′
M′
′
X,
which entails the result.
Proposition 5.17. The map m is surjective. Let a denote any section of m.
Definition 5.18. Let M have M0 as vertex set, with
M(M ′ , M ) = Im(pSa(M ′ ),a(M ) ).
σ
Here, we take as edges M ′ → M the set of edges σ in Σ such that a(M ) Σ ←
Ð a(M ′ ).
σ
σ
Otherwise said, M Σ ←
Ð M ′ iff a(M ) Σ ←
Ð a(M ′ ).
This directly makes M into a graph over Σ, which by Proposition 5.16 does not depend
on the choice of a.
Lemma 5.19. Edges of M may be inductively defined by the rules in Figure 6.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
i ∈ ∣D ⋅ πnl ∣
j ∈ ∣D ⋅ πnr ∣
i ∈ ∣D ⋅ τn ∣
id
id
⟨γ∥D[σ]⟩ ←Ð ⟨γ∥(D ⋅ πnl )∣i [σ], (D ⋅ πnr )∣j [σ]⟩
⟨γ∥D[σ]⟩ ←Ð ⟨γ∥(D ⋅ τn )∣i [σ]⟩
i ∈ ∣D ⋅ νn ∣
i ∈ ∣D ⋅ ♡n ∣
⟨γ∥D[σ]⟩ ←
Ð ⟨γ∥(D ⋅ ♡n )∣i [σ]⟩
♡
i ∈ ∣D1 ⋅ ιn1 ,a1 ∣
41
a∉γ
σ+⌜a⌝
id
⟨γ∥D[σ]⟩ ←Ð ⟨γ, a∥(D ⋅ νn )∣i [n + 1 ÐÐÐ→ γ, a]⟩
j ∈ ∣D2 ⋅ on2 ,a2 ,b2 ∣
σ1 (a1 ) = σ2 (a2 )
[σ1 ,⌜σ2 (b2 )⌝]
id
⟨γ∥D1 [σ1 ], D2 [σ2 ]⟩ ←Ð ⟨γ∥(D1 ⋅ ιn1 ,a1 )∣i [n1 + 1 ÐÐÐÐÐÐÐ→ γ], (D2 ⋅ on2 ,a2 ,b2 )∣j [σ2 ]⟩
α
⟨γ1 ∥S1 ⟩ ←
Ð ⟨γ2 ∥S2 ⟩
α
⟨γ1 ∥S ∪ S1 ⟩ ←
Ð ⟨γ2 ∥S[γ1 ⊆ γ2 ] ∪ S2 ⟩
Figure 6: Inductive characterisation of transitions in M
Proof. An easy case analysis. Let
denote transitions as in Figure 6. E.g., consider M and
♡
′
M and let a(M ) = (X, D) and a(M ′ ) = (X ′ , D′ ). If (X, D) Σ ←
Ð (X ′ , D′ ), then X ≅ X ′ ,
so w.l.o.g. X = X ′ , and furthermore there is some agent (n0 , x0 ) in X and i such that
D′ ⋅ x0 = (D ⋅ x0 ⋅ ♡n0 )∣i and for all (n, x) ≠ (n0 , x0 ) in Agents(X), we have D′ ⋅ x = D. So,
we do have
M = ⟨γ∥(D⋅x0 )[σx0 ]∶∶[(D⋅x)[σx ] ∣ x ≠ x0 ]⟩
♡
⟨γ∥(D′ ⋅x0 )[σx0 ]∶∶[(D⋅x)[σx ] ∣ x ≠ x0 ]⟩ = M ′ .
Proposition 5.20. For all x, y ∈ S, x ∼f y iff m(x) ∼f m(y). Conversely, for all M, N ∈ M,
M ∼f N iff a(M ) ∼f a(N ).
Proof. Any surjective, full, and faithful morphism over some alphabet is a graph fibration.
5.3. Interpretation of π and intensional full abstraction. We at last prove our main
result. We first define a relation &∶ Conf
M over Σ which
● relates any process to its translation, and
● is surjective, i.e., relates any mixed strategy to some process.
We will then show that this relation is a weak bisimulation over Σ. We thus need maps
from processes to strategies and back.
To start with, we define a family of maps in
∏
Pi ×Bij(γ,n)
D[n]γ
,
γ∈Pf (N),n∈N
where Bij(A, B) denotes the set of all bijections A −∼ B. For any such γ, n, P , and h in the
domain, we denote the result by ⟦P ⟧h , or ⟦P ⟧γ,n,h when needed. It is coinductively defined
42
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
by
⟦0⟧h = ⟨− ↦ ∅⟩
⟦∑i Pi ⟧h = ∑i ⟦Pi ⟧h
πnl ↦ ⟦P ⟧h
⟦P ∣ Q⟧h = ⟨ πnr ↦ ⟦Q⟧h ⟩
− ↦ ∅
νn ↦ ⟦P ⟧h′
⟦νb.P ⟧h = ⟨
⟩
− ↦ ∅
♡ ↦ ⟦P ⟧h
⟦♡.P ⟧h = ⟨ n
⟩
− ↦ ∅
τ ↦ ⟦P ⟧h
⟦τ.P ⟧h = ⟨ n
⟩
− ↦ ∅
ι
↦ ⟦P ⟧h′
⟩
⟦a(b).P ⟧h = ⟨ n,h(a)
− ↦ ∅
o
↦ ⟦P ⟧h
⟦¯
a⟨b⟩.P ⟧h = ⟨ n,h(a),h(b)
⟩
− ↦ ∅
where
● the sum ∑i Di of definite strategies Di is defined by (∑i Di ) ⋅ b = ⊕i (Di ⋅ b), for all
[n];
basic actions b∶ [n′ ]
● and h′ ∶ γ, b −∼ n + 1 maps any a ∈ γ to h(a), and b to n + 1.
D
In the other direction, we coinductively define ζ ∈ ∏n Pi n [n] by:
⎛
⎜+
⎜
⎜+
ζ(n ⊢D D) = ⎜
⎜+
⎜
⎜
⎜+
⎝+
∑i∈∣D⋅πnl ∣,j∈∣D⋅πnr ∣ τ.(ζ(n ⊢D (D ⋅ πnl )∣i ) ∣ ζ(n ⊢D (D ⋅ πnr )∣j ))
∑i∈∣D⋅τn ∣ τ.ζ(n ⊢D (D ⋅ τn )∣i )
∑i∈∣D⋅♡n ∣ ♡.ζ(n ⊢D (D ⋅ ♡n )∣i )
∑i∈∣D⋅νn ∣ ν(n + 1).ζ(n + 1 ⊢D (D ⋅ νn )∣i )
∑a∈n,i∈∣D⋅ιn,a ∣ a(n + 1).ζ(n + 1 ⊢D (D ⋅ ιn,a )∣i )
¯⟨b⟩.ζ(n ⊢D (D ⋅ on,a,b )∣i )
∑a,b∈n,i∈∣D⋅on,a,b ∣ a
⎞
⎟
⎟
⎟
⎟.
⎟
⎟
⎟
⎟
⎠
We first observe that for any D and i ∈ ∣D ⋅ πnl ∣ and j ∈ ∣D ⋅ πnr ∣,
● on the one hand D has a silent transition to ∂i,j D the strategy on [n] ∣ [n] such that
(∂i,j D) ⋅ 1 = (D ⋅ πnl )∣i and (∂i,j D) ⋅ 2 = (D ⋅ πnr )∣j ;
● on the other hand ζ(D) has a silent transition to
′
ζi,j
(D) = (ζ((D ⋅ πnl )∣i ) ∣ ζ((D ⋅ πnr )∣j )),
which then has a further transition to the two-process configuration consisting of
ζ((D ⋅ πnl )∣i ) and ζ((D ⋅ πnr )∣j ).
id
′
Thus, when we will try below to relate D and ζ(D), the transition ζ(D) ←Ð ζi,j
(D) has to
id
be matched by the former transition D ←Ð ∂i,j D. So our relation should somehow include
′
pairs (ζi,j
(D), ∂i,j D).
Before moving on to defining our relation, we extend ⟦−⟧ and ζ to maps
T
Conf
Z
M.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
43
First, for any γ, there is a canonical bijection hγ ∶ γ −∼ ∣γ∣ mapping each a ∈ γ to its
position in the ordering induced by the one on natural numbers.
Definition 5.21. Let T∶ ob(Conf) → ob(M) be ∑γ (T0γ )⊙ , where
T0γ (P ) = ⟦P ⟧hγ [h−1
γ ].
By construction, we have C & T(C) and so & is total.
Conversely, we put:
Definition 5.22. Let Z∶ ob(M) → ob(Conf) to be ∑γ (Z0γ )⊙ , where
Z0γ (D[σ]) = ζ(D)[σ].
We now come to our relation &, which by construction contains the graphs of T and Z:
Definition 5.23. Let the relation &∶ Conf
in Figure 7.
M over Σ be defined inductively by the rules
(In the last rule, γ is understood in Conf on the left, and in M on the right.)
γ′ ⊢ P
h∶ γ ′
∼
−
σ∶ n → γ
n
n ⊢D D
P [σ ○ h] & ⟦P ⟧h [σ]
n ⊢D D1 , D2
σ∶ n → γ
ζ(D)[σ] & D[σ]
σ∶ n → γ
C&M
D&N
C@D & M @N
(ζ(D1 ) ∣ ζ(D2 ))[σ] & D1 [σ], D2 [σ]
γ & γ
⋅
Figure 7: The relation &
Proposition 5.24. The relation & is a weak bisimulation over Σ.
Proof. Recall from [59, Chapter 6]:
Definition 5.25. An expansion is a relation R∶ G
a
H over A, such that
a
● for all transitions x R y A ←
Ð y , there exist x A ⇐
Ô x′ R y ′ , and
a
a
● for all transitions x′ Ð
→A x R y, there exist x′ R y ′ Ð
→A y.
′
This notion is actually an adaptation to the eponymous notion in [59, Chapter 6] to
our setting based on reflexive graphs. Any expansion is obviously a weak bisimulation, and
we show that & is an expansion, hence the result.
First, we observe that & may equivalently be defined by first defining &0 to be generated
by all rules except the last two, and then adding the rule
C1 &0 M1
...
Cn &0 Mn
C 1 ∪ . . . ∪ C n & M 1 ∪ . . . ∪ Mn
(n ∈ N)⋅
The advantage of this presentation is that proofs of C & M all have depth 1.
The rest is then a tedious case analysis, which we defer to Appendix ?? to avoid disrupting the flow of the paper. In summary, we easily observe that the second clause of
expansion is satisfied, the only subtlety being that heating (ζ(D1 ) ∣ ζ(D2 ))[σ] should be
matched by the identity edge on the corresponding strategy. Furthermore, the first clause is
44
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
also easily satisfied, the only subtlety being that if the considered strategy performs a transition involving one or several [D1 [σ], D2 [σ]]’s, related on the left to (ζ(D1 ) ∣ ζ(D2 ))[σ]’s,
then all of the latter first have to heat to [ζ(D1 )[σ], ∣ζ(D2 )[σ]], and only then perform the
matching transition.
We now come to one of our main results:
Theorem 5.26. For all C1 , C2 , M1 , M2 , if C1 & M1 and C2 & M2 , then C1 ∼f C2 iff
M1 ∼f M2 .
Proof. If γ’s differ, then everything is trivial, so we suppose that everything lies over some
common γ.
We then have that if M1 ∼f M2 , then for any C ∈ Conf γ :
C1 @C ∈ – iff
M1 @T(C) ∈ – (because C1 @C & M1 @T(C) and by Proposition 5.24) iff
M2 @T(C) ∈ – (because M1 ∼f M2 ) iff
C2 @C ∈ – (because C2 @C & M2 @T(C) and by Proposition 5.24).
Similarly, if C1 ∼f C2 , then for any M ∈ Mγ :
M1 @M ∈ – iff
C1 @Z(M ) ∈ – (because M1 @M & C1 @Z(M ) and by Proposition 5.24) iff
C2 @Z(M ) ∈ – (because C1 ∼f C2 ) iff
M2 @M ∈ – (because M2 @M & C2 @Z(M ) and by Proposition 5.24).
Corollary 5.27. For all processes P1 and P2 over γ, P1 ∼f P2 iff ⟦P1 ⟧ ∼f ⟦P2 ⟧. Furthermore,
for all strategies S ∈ S[n] , there exists P ∈ Pi n such that ⟦P ⟧ ∼f S.
Proof. The first point is a trivial consequence of the theorem. For the second, first observe
that any S = ⊕i Di over n is fair testing equivalent to the definite strategy
∑⟨τn ↦ ⊕ Di , − ↦ ∅⟩,
i
i
so we may restrict attention to definite strategies. But then D ∼f ⟦ζ(D)⟧ because for all M
over n, we have
D@M ∈ – iff
Z(D)@Z(M ) ∈ – (because D@M & Z(D)@Z(M ) and by Proposition 5.24) iff
T(Z(D))@M ∈ – (because Z(D)@Z(M ) & T(Z(D))@M and by Proposition 5.24), i.e.,
⟦ζ(D)⟧@M ∈ –,
as desired.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
45
References
[1] Samson Abramsky, Radha Jagadeesan, and Pasquale Malacaria. Full abstraction for
PCF. Information and Computation, 163(2):409–470, 2000. doi: 10.1006/inco.2000.
2930.
[2] J. Ad´
amek, J.; Rosicky. Locally Presentable and Accessible Categories. Cambridge
University Press, 1994. doi: 10.1017/CBO9780511600579.
[3] Paolo Baldan, Andrea Corradini, Tobias Heindel, Barbara K¨onig, and Pawel
Sobocinski. Processes and unfoldings: concurrent computations in adhesive categories. Mathematical Structures in Computer Science, 24(4), 2014. doi: 10.1017/
S096012951200031X. URL http://dx.doi.org/10.1017/S096012951200031X.
[4] G´erard Berry and G´erard Boudol. The chemical abstract machine. In POPL, pages
81–94, 1990. doi: 10.1145/96709.96717.
[5] Michele Boreale and Davide Sangiorgi. A fully abstract semantics for causality in the
π-calculus. Acta Informatica, 35(5):353–400, 1998.
[6] A. K. Bousfield. Constructions of factorization systems in categories. Journal of Pure
and Applied Algebra, 9(2-3):287–329, 1977.
[7] Ed Brinksma, Arend Rensink, and Walter Vogler. Fair testing. In CONCUR 1995 [13],
pages 313–327. ISBN 3-540-60218-6. doi: 10.1007/3-540-60218-6 23.
[8] Roberto Bruni, Hern´
an C. Melgratti, and Ugo Montanari. Event structure semantics
for nominal calculi. In Christel Baier and Holger Hermanns, editors, CONCUR, volume
4137 of LNCS, pages 295–309. Springer Verlag, 2006. ISBN 3-540-37376-4.
[9] Nadia Busi and Roberto Gorrieri. A Petri net semantics for π-calculus. In CONCUR
1995 [13], pages 145–159. ISBN 3-540-60218-6.
[10] Nadia Busi and Roberto Gorrieri. Distributed semantics for the π-calculus based on
Petri nets with inhibitor arcs. Journal of Logic and Algebraic Programming, 78(3):
138–162, 2009.
[11] Simon Castellan, Pierre Clairambault, and Glynn Winskel. Concurrent Hyland-Ong
games. GaLoP, 2014.
[12] Gian Luca Cattani and Peter Sewell. Models for name-passing processes: Interleaving
and causal. In LICS, pages 322–333. IEEE Computer Society, 2000. ISBN 0-7695-07255.
[13] CONCUR 1995. CONCUR, volume 962 of LNCS, 1995. Springer Verlag. ISBN 3-54060218-6.
[14] Silvia Crafa, Daniele Varacca, and Nobuko Yoshida. Event structure semantics of
parallel extrusion in the pi-calculus. In FoSSaCS, volume 7213 of LNCS, pages 225–
239. Springer Verlag, 2012. ISBN 978-3-642-28728-2.
[15] Ioana Cristescu, Jean Krivine, and Daniele Varacca. A compositional semantics for the
reversible p-calculus. In LICS, pages 388–397. IEEE Computer Society, 2013. ISBN
978-1-4799-0413-6. doi: 10.1109/LICS.2013.45. URL http://dx.doi.org/10.1109/
LICS.2013.45.
[16] Rocco De Nicola and Matthew Hennessy. Testing equivalences for processes. Theoretical
Computer Science, 34:83–133, 1984. doi: 10.1016/0304-3975(84)90113-0.
[17] Pierpaolo Degano and Corrado Priami. Non-interleaving semantics for mobile processes. Theoretical Computer Science, 216(1-2):237–270, 1999.
[18] Charles Ehresmann. Cat´egories structur´ees. Annales scientifiques de l’Ecole Normale
Sup´erieure, 80(4):349–426, 1963.
46
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
[19] Charles Ehresmann. Cat´egories et structures. Dunod, 1965.
[20] Joost Engelfriet. A multiset semantics for the pi-calculus with replication. Theoretical
Computer Science, 153(1&2):65–94, 1996.
[21] Marcelo P. Fiore and Daniele Turi. Semantics of name and value passing. In LICS,
pages 93–104. IEEE Computer Society, 2001. ISBN 0-7695-1281-X.
[22] Marcelo P. Fiore, Eugenio Moggi, and Davide Sangiorgi. A fully-abstract model for the
pi-calculus (extended abstract). In LICS 1996 [45], pages 43–54. ISBN 0-8186-7463-6.
[23] Peter Freyd and G. M. Kelly. Categories of continuous functors, I. Journal of Pure
and Applied Algebra, 2:169–191, 1972. doi: 10.1016/0022-4049(72)90001-1.
[24] Richard H. G. Garner. Polycategories. PhD thesis, University of Cambridge, 2006.
[25] Jean-Yves Girard. Locus solum: From the rules of logic to the logic of rules.
Mathematical Structures in Computer Science, 11(3):301–506, 2001. doi: 10.1007/
3-540-44802-0 3.
[26] Gregor G¨
oßler, Daniel Le M´etayer, and Jean-Baptiste Raclet. Causality analysis in
contract violation. In Runtime Verification, volume 6418 of LNCS, pages 270–284.
Springer, 2010. ISBN 978-3-642-16611-2. doi: 10.1007/978-3-642-16612-9 21. URL
http://dx.doi.org/10.1007/978-3-642-16612-9_21.
[27] Marco Grandis and Robert Par´e. Limits in double categories. Cahiers de Topologie et
G´eom´etrie Diff´erentielle Cat´egoriques, 40(3):162–220, 1999.
[28] Marco Grandis and Robert Par´e. Adjoints for double categories. Cahiers de Topologie
et G´eom´etrie Diff´erentielle Cat´egoriques, 45(3):193–240, 2004.
[29] Russell Harmer, Martin Hyland, and Paul-Andr´e Melli`es. Categorical combinatorics
for innocent strategies. In LICS, pages 379–388. IEEE Computer Society, 2007. doi:
10.1109/LICS.2007.14.
[30] Matthew Hennessy. A fully abstract denotational semantics for the π-calculus. Theoretical Computer Science, 278(1-2):53–89, 2002.
[31] Thomas T. Hildebrandt. Towards categorical models for fairness: fully abstract
presheaf semantics of SCCS with finite delay. Theoretical Computer Science, 294(1/2):
151–181, 2003.
[32] Tom Hirschowitz. Full abstraction for fair testing in CCS. In CALCO, volume 8089 of
LNCS, pages 175–190. Springer Verlag, 2013. ISBN 978-3-642-40205-0.
[33] Tom Hirschowitz. Full abstraction for fair testing in CCS (expanded version). Logical
Methods in Computer Science, 10(4), 2014.
[34] Tom Hirschowitz and Damien Pous. Innocent strategies as presheaves and interactive
equivalences for CCS. In ICE, pages 2–24, 2011. doi: 10.4204/EPTCS.59.2.
[35] J. M. E. Hyland and C.-H. Luke Ong. On full abstraction for PCF: I, II, and III. Inf.
Comput., 163(2):285–408, 2000. doi: 10.1006/inco.2000.2917.
[36] Bart Jacobs. Categorical Logic and Type Theory. Number 141 in Studies in Logic and
the Foundations of Mathematics. North Holland, Amsterdam, 1999.
[37] Lalita Jategaonkar Jagadeesan and Radha Jagadeesan. Causality and true concurrency:
A data-flow analysis of the pi-calculus (extended abstract). In AMAST, volume 936 of
LNCS, pages 277–291. Springer Verlag, 1995.
[38] Andr´e Joyal, Mogens Nielsen, and Glynn Winskel. Bisimulation and open maps. In
LICS, pages 418–427. IEEE Computer Society, 1993. doi: 10.1109/LICS.1993.287566.
[39] Stephen Lack and Pawel Sobocinski. Adhesive categories. In FoSSaCS, volume 2987
of LNCS, pages 273–288. Springer Verlag, 2004. doi: 10.1007/978-3-540-24727-2 20.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
47
[40] James Laird. Game semantics for higher-order concurrency. In FSTTCS, volume 4337
of LNCS, pages 417–428. Springer Verlag, 2006. doi: 10.1007/11944836 38.
[41] James J. Leifer and Robin Milner. Deriving bisimulation congruences for reactive
systems. In Catuscia Palamidessi, editor, CONCUR, volume 1877 of LNCS, pages
243–258. Springer Verlag, 2000. ISBN 3-540-67897-2. doi: 10.1007/3-540-44618-4 19.
[42] Tom Leinster. Higher Operads, Higher Categories, volume 298 of London Mathematical
Society Lecture Notes. Cambridge University Press, Cambridge, 2004.
[43] Sergue¨ı Lenglet, Alan Schmitt, and Jean-Bernard Stefani. Normal bisimulations in
calculi with passivation. In FoSSaCS, volume 5504 of LNCS, pages 257–271. Springer
Verlag, 2009. doi: 10.1007/978-3-642-00596-1 19.
[44] Paul Blain Levy. Morphisms between plays. GaLoP, 2013.
[45] LICS 1996. 11th Symposium on Logic in Computer Science, 1996. IEEE Computer
Society. ISBN 0-8186-7463-6.
[46] Saunders MacLane. Duality for groups. Bulletin of the American Mathematical Society,
56, 1950.
[47] Saunders MacLane and Ieke Moerdijk. Sheaves in Geometry and Logic: A First Introduction to Topos Theory. Universitext. Springer, 1992.
[48] Guy McCusker, John Power, and Cai Wingfield. A graphical foundation for schedules.
Electronic Notes in Theoretical Computer Science, 286:273–289, 2012. doi: 10.1016/j.
entcs.2012.08.018. URL http://dx.doi.org/10.1016/j.entcs.2012.08.018.
[49] Paul-Andr´e Melli`es. Asynchronous games 2: the true concurrency of innocence. In
Proc. CONCUR ’04, volume 3170 of LNCS, pages 448–465. Springer Verlag, 2004. doi:
10.1007/978-3-540-28644-8 29.
[50] Paul-Andr´e Melli`es. Asynchronous games 4: A fully complete model of propositional
linear logic. In LICS, pages 386–395. IEEE Computer Society, 2005. ISBN 0-76952266-1.
[51] Paul-Andr´e Melli`es. Game semantics in string diagrams. In LICS, pages 481–490.
IEEE, 2012. doi: .1109/LICS.2012.58.
[52] Ugo Montanari and Marco Pistore. Concurrent semantics for the π-calculus. Electronic
Notes in Theoretical Computer Science, 1:411–429, 1995.
[53] Ugo Montanari and Marco Pistore. Structured coalgebras and minimal HD-automata
for the π-calculus. Theoretical Computer Science, 340(3):539–576, 2005.
[54] V. Natarajan and Rance Cleaveland. Divergence and fair testing. In ICALP, volume
944 of LNCS, pages 648–659. Springer Verlag, 1995. ISBN 3-540-60084-1. doi: 10.
1007/3-540-60084-1 112.
[55] Robert Par´e. Yoneda theory for double categories. Theory and Applications of Categories, 25(17):436–489, 2011.
[56] Julian Rathke and Pawel Sobocinski. Deconstructing behavioural theories of mobility.
In IFIP TCS, volume 273 of IFIP, pages 507–520. Springer Verlag, 2008. doi: 10.1007/
978-0-387-09680-3 34.
[57] Arend Rensink and Walter Vogler. Fair testing. Information and Computation, 205
(2):125–198, 2007. doi: 10.1016/j.ic.2006.06.002.
[58] Silvain Rideau and Glynn Winskel. Concurrent strategies. In LICS, pages 409–418.
IEEE Computer Society, 2011. doi: 10.1109/LICS.2011.13.
[59] Davide Sangiorgi and Jan Rutten, editors. Advanced Topics in Bisimulation and Coinduction. Number 52 in Cambridge Tracts in Theoretical Computer Science. Cambridge
University Press, 2011.
48
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
[60] Vladimiro Sassone and Pawel Soboci´
nski. Deriving bisimulation congruences using
2-categories. Nordic Journal of Computing, 10(2), 2003.
[61] Ian Stark. A fully abstract domain model for the π-calculus. In LICS 1996 [45], pages
36–42. ISBN 0-8186-7463-6.
[62] Takeshi Tsukada and C.-H. Luke Ong. Innocent strategies are sheaves over plays deterministic, non-deterministic and probabilistic innocence. CoRR, abs/1409.2764,
2014. URL http://arxiv.org/abs/1409.2764.
[63] Glynn Winskel. Event structure semantics for CCS and related languages. In Mogens
Nielsen and Erik Meineche Schmidt, editors, ICALP, volume 140 of LNCS, pages 561–
576. Springer Verlag, 1982. ISBN 3-540-11576-5. doi: 10.1007/BFb0012800.
[64] Glynn Winskel. Strategies as profunctors. In FoSSaCS, volume 7794 of LNCS, pages
418–433. Springer Verlag, 2013. doi: 10.1007/978-3-642-37075-5 27.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
49
Appendix A. Proof of Proposition 5.24
One wants to check two properties:
a
a
(LH) for all transitions x′ Ð
→A x with x & y, there exists y ′ Ð
→A y.with x′ & y ′ ;
a
a
(RH) for all transitions y A ←
Ð y ′ with x & y, there exists x A ⇐
Ô x′ with x′ & y ′ .
We start by proving the lefthand side (LH) for all cases, before proving that righthand
side (RH) hols as well.
Synchro, (LH). We begin by the case of a synchronisation, i.e. when one has a transition
id
⟨γ∥[a(b).P +k1 R1 , a
¯⟨c⟩.Q +k2 R2 ]@C0 ⟩ ←Ð ⟨γ∥[P [b ↦ c], Q]@C0 ⟩
with ⟨γ∥[a(b).P +k1 R1 , a
¯⟨c⟩.Q +k2 R2 ]@C0 ⟩ & M . We want to show that there exists a
id
transition M ←Ð M ′ with ⟨γ∥[P [b ↦ c], Q]@C0 ⟩ & M ′ .
We write P1 = a(b).P +k1 R1 and P2 = a
¯⟨c⟩.Q +k2 R2 . Neither of them are of the form
(⋅ ∣ ⋅) so they can be related only using the first two rules. Therefore, four sub-cases should
be considered, they are detailed in Figure 8.
● Case 1 for both P1 and P2 . We can check that the following hold:
γ1′ , b ⊢ P ′
σ1 (h1 (a′1 )) = a
σ2 (h2 (a′2 )) = a
γ2′ ⊢ Q′
σ2 (h2 (c′ )) = c
One has M = ⟦P1′ ⟧h1 [σ1 ]@⟦P2′ ⟧h2 [σ2 ]@M0 . Then there is a transition
id
M ←Ð ⟦P ′ ⟧h′1 [σ1′ ]@⟦Q′ ⟧h2 [σ2 ]@M0
[σ1 ,c]
h1 +!
where h′1 ∶ γ1′ , b ÐÐ→ n1 + 1 and σ1′ ∶ n1 + 1 ÐÐÐ→ γ.
σ1 +⌜b⌝
h1 +!
b↦c
Since σ1′ ○ h′1 ∶ γ1′ ÐÐ→ n1 + 1 ÐÐÐ→ γ, b ÐÐ→ γ, we have that P ′ [σ1′ ○ h′1 ] = P ′ [(σ1 +
⌜b⌝) ○ (h1 +!)][b ↦ c] = P [b ↦ c], and therefore P [b ↦ c] & ⟦P ′ ⟧h′1 [σ1′ ]. Moreover, it
is clear that Q = Q′ [σ2 ○ h2 ] & ⟦Q′ ⟧h2 [σ2 ], and finally [P [b ↦ c], Q]@C0 & M ′ .
● Case 1 for P1 , Case 2 for P2 . Again, one has:
γ1′ , b ⊢ P ′
σ1 (h1 (a′1 )) = a
There exists elements a2 , c2 ∈ n2 and j ∈ ∣D2 ⋅ on2 ,a2 ,c2 ∣ such that:
ζ((D2 ⋅ on2 ,a2 ,c2 )∣j )[σ2 ] = Q
σ2 (a2 ) = a
σ2 (c2 ) = c
Thus there is a transition
id
M ←Ð M ′ = ⟦P ′ ⟧h′1 [σ1′ ]@(D2 ⋅ on2 ,a2 ,c2 )∣j [σ2 ]@M0
[σ1 ,c]
h1 +!
where h′1 ∶ γ1′ , b ÐÐ→ n1 + 1 and σ1′ ∶ n1 + 1 ÐÐÐ→ γ.
As is the previous case, one can check that P [b ↦ c] & ⟦P ′ ⟧h′1 [σ1′ ]. Moreover,
Q & (D2 ⋅ on2 ,a2 ,c2 )∣j [σ2 ] and therefore [P [b ↦ c], Q]@C0 & M ′ .
● Case 2 for P1 , Case 1 for P2 . One has:
γ2′ ⊢ Q′
σ2 (h2 (a′2 )) = a
σ2 (h2 (c′ )) = c
Moreover, there exists a1 ∈ n1 and i ∈ ∣D1 ⋅ ιn1 ,a1 ∣ such that:
σ1 +⌜b⌝
ζ((D1 ⋅ ιn1 ,a1 )∣i )[n1 + 1] ÐÐÐ→ γ, b] = P
σ1 (a1 ) = a
50
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
γ1′
⊢
Case 1
h1 ∶ γ1′ −∼ n1
P1′
P1 =
P1
P1′ [σ1
○ h1 ] &
Case 2
σ1 ∶ n1 →
′
⟦P1 ⟧h1 [σ1 ]
γ1′
n1 ⊢D D1
P1′ = a′1 (b).P ′ +k1 R1′
σ1 +⌜b⌝
h1 +!
P [γ1′ , b ÐÐ→ n1 + 1 ÐÐÐ→ γ, b] = P
R1′ [σ1 ○ h1 ] = R1
γ2′ ⊢ P2′
h2 ∶ γ2′ −∼ n2
σ 2 ∶ n2 →
′
′
P2 = P2 [σ2 ○ h2 ] & ⟦P2 ⟧h2 [σ2 ]
σ1 ∶ n1 → γ
P1 = ζ(D1 )[σ1 ] & D1 [σ1 ]
′
P2
γ2′
n2 ⊢D D2
σ2 ∶ n2 → γ
P2 = ζ(D2 )[σ2 ] & D2 [σ2 ]
= a¯′2 ⟨c′ ⟩.Q′ +k2 R2′
Q [σ2 ○ h2 ] = Q
R2′ [σ2 ○ h2 ] = R2
P2′
′
Figure 8: Synchro LH Subcases
There is a transition
[σ1 ,⌜c⌝]
id
M ←Ð M ′ = (D1 ⋅ ιn1 ,a1 )∣i [n1 + 1 ÐÐÐÐ→ γ]@⟦Q′ ⟧h′2 [σ2′ ]@M0
As in the first case, we have Q = Q′ [σ2 ○ h2 ] & ⟦Q′ ⟧h2 [σ2 ]. Then, since
[σ1 ,⌜c⌝]
ζ((D1 ⋅ ιn1 ,a1 )∣i )[n1 + 1 ÐÐÐÐ→ γ]
σ1 +⌜b⌝
= (D1 ⋅ ιn1 ,a1 )∣i [n1 + 1 ÐÐÐ→ γ, b][b ↦ c]
= P [b ↦ c]
we have that [P [b ↦ c], Q]@C0 & M ′ .
● Case 2 for both P1 and P2 . There exists a1 ∈ n1 , a2 , c2 ∈ n2 , i ∈ ∣D1 ⋅ ιn1 ,a1 ∣ and
and j ∈ ∣D2 ⋅ on2 ,a2 ,c2 ∣ such that:
σ1 +⌜b⌝
ζ((D1 ⋅ ιn1 ,a1 )∣i )[n1 + 1] ÐÐÐ→ γ, b] = P
ζ((D2 ⋅ on2 ,a2 ,c2 )∣j )[σ2 ] = Q
There is a transition
id
σ1 (a1 ) = a
σ2 (a2 ) = a
σ2 (c2 ) = c
[σ1 ,⌜c⌝]
M ←Ð M ′ = (D1 ⋅ ιn1 ,a1 )∣i [n1 + 1 ÐÐÐÐ→ γ]@(D2 ⋅ on2 ,a2 ,c2 )∣j [σ2 ]@M0
As in the previous cases, one can show that [P [b ↦ c], Q]@C0 & M ′ .
Heating, (LH). We now consider the case of a heating, i.e. when one has a transition
τ
⟨γ∥[P ∣ Q]@C0 ⟩ ←
Ð ⟨γ∥[P, Q]@C0 ⟩
τ
with ⟨γ∥[P ∣ Q]@C0 ⟩ & M . We want to show that there exists a transition M ←
Ð M ′ with
⟨γ∥[P, Q]@C0 ⟩ & M ′ .
We now have to consider subcases, depending on which rule applies for showing that
⟨γ∥[P ∣ Q]@C0 ⟩ & M . Notice that P ∣ Q cannot be of the form ζ(D)[σ]. We are therefore
left with two subcases, depending on wether the first or third rule apply.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
51
● If the first rule is applied:
γ ′ ⊢ P ′ ∣ Q′
h∶ γ ′
∼
−
σ∶ n → γ
n
(P ∣ Q )[σ ○ h] & ⟦P ∣ Q ⟧h [σ]
′
′
′
′
We write D = ⟦P ∣ Q ⟧h , and notice that
′
′
D = ⟨πnl ↦ ⟦P ′ ⟧h , πnr ↦ ⟦Q′ ⟧h , − ↦ ∅⟩
There exists a transition
τ
M ←
Ð M ′ = [⟦P ′ ⟧h [σ], ⟦Q′ ⟧h [σ]]@M0
Moreover P = P ′ [σ ○ h] and Q = Q′ [σ ○ h], and therefore ⟨γ∥[P, Q]@C0 ⟩ & M ′ .
● If the third rule is applied:
n ⊢D D1 , D2
σ∶ n → γ
P ∣ Q = (ζ(D ) ∣ ζ(D ))[σ] & D1 [σ], D2 [σ]
1
2
We notice that [P, Q] = [ζ(D)[σ], ζ(D)[σ]]. Then [P, Q] & [D[σ], D[σ]], i.e.
⟨γ∥[P, Q]@C0 ⟩ & M .
Nu, (LH). We now consider the case of a ν rule, i.e. when one has a transition
τ
⟨γ∥[νa.P +k R]@C0 ⟩ ←
Ð ⟨γ, a∥P @C0 [γ ⊂ γ, a]⟩
τ
with ⟨γ∥[νa.P +k R]@C0 ⟩ & M . We want to show that there exists a transition M ←
Ð M′
with ⟨γ, a∥P @C0 [γ ⊂ γ, a]⟩ & M ′ .
We notice that νa.P +k R cannot be obtained from the third rule. We thus consider
two subcases corresponding to the first and secodn rules.
● If the first rule is applied:
γ ′ ⊢ νa.P ′ +k R′
h∶ γ ′
∼
−
n
σ∶ n → γ
νa.P +k R = (νa.P +k R )[σ ○ h] & ⟦νa.P ′ +k R′ ⟧h [σ]
′
′
We write D = ⟦νa.P ′ +k R′ ⟧h as ⟨νn ↦ ⟦P ′ ⟧h′ , − ↦ ∅⟩ + ⟦R′ ⟧h , where h′ ∶ γ ′ , a
is the map h + 1.
Then there is a transition
τ
∼
−
n+1
σ+1
M ←
Ð M ′ = ⟨γ, a∥⟦P ′ ⟧h′ [n + 1 ÐÐ→ γ, a]@M0 [γ ⊂ γ, a]⟩
and, modulo the fact that C & M implies C[σ] & M [σ], we have P @C0 [γ ⊂ γ, a] &
h′
σ+1
⟦P ′ ⟧h′ [σ + 1]@M0 [γ ⊂ γ, a] since P = P ′ [γ ′ , a Ð→ n + 1 ÐÐ→ γ, a].
● If the second rule is applied:
n ⊢D D
σ∶ n → γ
νa.P +k R = ζ(D)[σ] & D[σ]
σ+⌜a⌝
There exists i ∈ ∣D ⋅ νn ∣ such that ζ((D ⋅ νn )∣i )[n + 1 ÐÐÐ→ γ, a] = P . There is then a
transition
τ
M ←
Ð M ′ = ⟨γ, a∥(D ⋅ νn )∣i )[σ + ⌜a⌝]@M0 [γ ⊂ γ, a]⟩
and P @C0 [γ ⊂ γ, a] & M ′ .
52
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
Tick and Tau, (LH). We now consider the cases ♡ and τ , i.e. when one has a transition
ξ
⟨γ∥[ξ.P +k R]@C0 ⟩ ←
Ð ⟨γ∥P @C0 ⟩
where ξ ∈ {♡, τ }, with ⟨γ∥[ξ.P +k R]@C0 ⟩ & M . We want to show that there exists a
ξ
transition M ←
Ð M ′ with ⟨γ∥P @C0 ⟩ & M ′ .
Once again, the third rule could not have been applied, and we are left with two subcases
corresponding to the first and second rules.
● If the first rule is applied:
γ ′ ⊢ ξ.P ′ +k R′
h∶ γ ′
∼
−
σ∶ n → γ
n
ξ.P +k R = (ξ.P +k R )[σ ○ h] & ⟦ξ.P ′ +k R′ ⟧h [σ]
′
′
We write D = ⟦ξ.P ′ +k R′ ⟧k as ⟨ξn ↦ ⟦P ⟧h , − ↦ ∅⟩ + ⟦R′ ⟧h . Then there is a transition
ξ
M = D[σ] ←
Ð M ′ = ⟦P ′ ⟧h [σ]@M0
and P = P ′ [σ ○ h] thus P @C0 & M ′ .
● If the second rule is applied:
n ⊢D D
σ∶ n → γ
ξ.P +k R = ζ(D)[σ] & D[σ]
There exists i ∈ ∣D ⋅ ξn ∣ such that ζ((D ⋅ ξn )∣i = [σ] = P . There there is a transition
ξ
M ←
Ð M ′ = (D ⋅ ξn )∣i [σ]@M0
and P @C0 & M ′ .
We have thus proved that the (LH) property holds. We now proceed with the case
analysis for (RH).
Synchro, (RH). We start, once again, with the case of the synchronization, i.e. when one
has a transition
[σ1 ,⌜σ2 (b2 )⌝]
id
⟨γ∥D1 [σ1 ], D2 [σ2 ]⟩ = M ←Ð M ′ = ⟨γ∥(D1 ⋅ιn1 ,a1 )∣i [n1 +1 ÐÐÐÐÐÐÐ→ γ], (D2 ⋅on2 ,a2 ,b2 )∣j [σ2 ]⟩
where σ1 (a1 ) = a = σ2 (a2 ) and σ2 (c2 ) = c, and there exists C with C & ⟨γ∥D1 [σ1 ], D2 [σ2 ]⟩.
id
We want to show that there exists a transition C ←Ð C ′ with C ′ & M ′ . There are exactly
10 subcases here. Firstly, one could have used each of the three rules for &0 for both D1
and D2 , yielding nine subcases. The remaining subcase corresponds to the use of the third
(heating) rule on both D1 and D2 simultaneously. We start with this special case, and then
treat the nine others.
● The third rule is applied on D1 and D2 simultaneously (hence σ1 = σ2 = σ):
n ⊢D D1 , D2
σ∶ n → γ
(ζ(D1 ) ∣ ζ(D2 ))[σ] & D1 [σ], D2 [σ]
id
Then (ζ(D1 ) ∣ ζ(D2 ))[σ] ←Ð [ζ(D1 )[σ1 ], ζ(D2 )[σ2 ]] shows this case is treated as
the case where both D1 and D2 are used in the second rule.
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
53
● The third rule is applied on D1 and any of the three rules is applied on D2 :
n ⊢D D1 , D3
σ1 ∶ n1 → γ
(ζ(D1 ) ∣ ζ(D3 ))[σ1 ] & D1 [σ1 ], D3 [σ1 ]
id
Then there is a transition (ζ(D1 ) ∣ ζ(D3 ))[σ1 ] ←Ð [ζ(D1 )[σ1 ], ζ(D3 )[σ1 ]] which
reduces this to the case (below) of a second rule applied to D1 .
● The third rule is applied on D2 and any of the two first rules is applied on D1 :
n ⊢D D2 , D3
σ2 ∶ n2 → γ
(ζ(D2 ) ∣ ζ(D3 ))[σ2 ] & D2 [σ2 ], D3 [σ2 ]
Once again, this is shown to reduce to the case of a seconde rule on D2 , using the
id
transition (ζ(D2 ) ∣ ζ(D3 ))[σ2 ] ←Ð [ζ(D2 )[σ2 ], ζ(D3 )[σ2 ]].
● The first rule is applied on both D1 and D2 :
γ1′ ⊢ P1 = a′1 (b).P1′ +k1 R1
h1 ∶ γ1′
∼
−
n1
σ1 ∶ n 1 → γ
P1 [σ ○ h] & ⟦P1 ⟧h1 [σ1 ]
where
D1 = ⟦P1 ⟧h1
and
(D1 ⋅ ιn1 ,a1 )∣i = ⟦P1′ ⟧h1
γ2′ ⊢ P2 = a¯′2 ⟨c′2 ⟩.P2′ +k2 R2
h1 (a′1 ) = a1
h2 ∶ γ2′
∼
−
n2
h1 +1
h′1 ∶ γ1′ , b ÐÐ→ n1 + 1
σ2 ∶ n2 → γ
P2 [σ ○ h] & ⟦P2 ⟧h2 [σ2 ]
where
D2 = ⟦P2 ⟧h2
(D2 ⋅ on2 ,a2 ,c2 )∣j = ⟦P2′ ⟧h2
h2 (a′2 ) = a2
h2 (c′2 ) = c2
σ1 ○h1 +b
Then P1 [σ1 ○ h1 ] = a(b).P1′ [γ1′ , b ÐÐÐÐ→ γ, b] +k1 R1 [σ1 ○ h1 ] and P1′ [[σ1 , ⌜c⌝] ○ h′1 ] =
P1′ [σ1 ○ h1 + b][b ↦ c]. Moreover P2 [σ2 ○ h2 ] = a
¯⟨c⟩.P2′ [σ2 ○ h2 ] +k2 R2 [σ2 ○ h2 ]. Then
there is a transition
id
C = [P1 [σ1 ○ h1 ], P2 [σ2 ○ h2 ]]@C0 ←Ð C ′ = P1′ [[σ1 , ⌜c⌝] ○ h′1 ]@P2′ [σ2 ○ h2 ]@C0
and C ′ & (D1 ⋅ ιn1 ,a1 )∣i [[σ1 , ⌜c⌝]]@(D2 ⋅ on2 ,a2 ,c2 )∣j [σ2 ]@M0 .
● The second rule is applied on both D1 and D2 . Then C = ζ(D1 )[σ1 ]@ζ(D2 )[σ2 ]@C0
with C0 & M0 . There is a transition
id
C ←Ð C ′ = ζ((D1 ⋅ ιn1 ,a1 )∣i )[[σ1 , ⌜c⌝]]@ζ((D2 ⋅ on2 ,a2 ,c2 )∣j )[σ2 ]@M0
and C ′ & M ′ .
● The second rule is applied on D2 , the first rule on D1 :
γ1′ ⊢ P1 = a′1 (b).P1′ +k1 R1
h1 ∶ γ1′
∼
−
n1
σ1 ∶ n 1 → γ
P1 [σ ○ h] & ⟦P1 ⟧h1 [σ1 ]
where
D1 = ⟦P1 ⟧h1
(D1 ⋅ ιn1 ,a1 )∣i = ⟦P1′ ⟧h1
h1 (a′1 ) = a1
h1 +1
h′1 ∶ γ1′ , b ÐÐ→ n1 + 1
Then C = P1′ [σ1 ○ h1 ]@ζ(D2 )[σ2 ]@C0 with C0 & M0 . There is a transition
id
C ←Ð C ′ = P1′ [[σ1 , ⌜c⌝] ○ h′1 ]@ζ((D2 ⋅ on2 ,a2 ,c2 )∣j )[σ2 ]@M0
and C ′ & M ′ .
54
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
● The second rule is applied on D1 , the first rule on D2 :
γ2′ ⊢ P2 = a¯′2 ⟨c′2 ⟩.P2′ +k2 R2
σ2 ∶ n2 → γ
h2 ∶ γ2′ −∼ n2
P2 [σ ○ h] & ⟦P2 ⟧h2 [σ2 ]
where
D2 = ⟦P2 ⟧h2
(D2 ⋅ on2 ,a2 ,c2 )∣j = ⟦P2′ ⟧h2
h2 (a′2 ) = a2
h2 (c′2 ) = c2
Then C = ζ(D1 )[σ1 ]@P2′ [σ2 ○ h2 ]@C0 with C0 & M0 . Therefore there is a transition
id
C ←Ð C ′ = ζ((D1 ⋅ ιn1 ,a1 )∣i )[[σ1 , ⌜c⌝]]@P2′ [σ2 ○ h2 ]@C0
and C ′ & M ′ .
Fork, (RH). We consider the case of a fork, i.e. one has a transition
id
⟨γ∥D[σ]⟩ ←Ð ⟨γ∥(D ⋅ πnl )∣i [σ], (D ⋅ πnr )∣j [σ]⟩
id
with C & ⟨γ∥D[σ]⟩. We want to show that there exists a transition C ←Ð C ′ with C ′ & M ′ .
We have to consider the three subcases corresponding to the three possible rules for &0 .
● The first rule is applied:
γ ′ ⊢ P = P1 ∣ P2
h∶ γ ′
∼
−
n
σ∶ n → γ
P [σ ○ h] & ⟦P ⟧h [σ]
where
(D ⋅ πnl )∣i = ⟦P1 ⟧h
Then there is a transition
(D ⋅ πnr )∣j = ⟦P2 ⟧h
id
P [σ ○ h] ←Ð P1 [σ ○ h]@P2 [σ ○ h]
and P1 [σ ○ h]@P2 [σ ○ h] & ⟨γ∥(D ⋅ πnl )∣i [σ], (D ⋅ πnr )∣j [σ]⟩.
● The second rule is applied:
n ⊢D D
σ∶ n → γ
ζ(D)[σ] & D[σ]
Then there exits transitions
ζ(D)[σ]
id
←Ð (ζ((D ⋅ πnl )∣i ) ∣ ζ((D ⋅ πnr )∣j ))[σ]
id
←Ð ζ((D ⋅ πnl )∣i )[σ]@ζ((D ⋅ πnr )∣j )[σ]
and ζ((D ⋅ πnl )∣i )[σ]@ζ((D ⋅ πnr )∣j )[σ] & ⟨γ∥(D ⋅ πnl )∣i [σ], (D ⋅ πnr )∣j [σ]⟩
● The third rule is applied:
n ⊢D D, D′
σ∶ n → γ
(ζ(D) ∣ ζ(D ))[σ] & D[σ], D′ [σ]
′
Then M0 = D′ [σ]@M1 . There are transitions (the second (two-transitions) step is
taken from the previous case):
(ζ(D) ∣ ζ(D′ ))[σ]
id
←Ð
ζ(D)[σ]@ζ(D′ )[σ]
←Ð
ζ((D ⋅ πnl )∣i )[σ]@ζ((D ⋅ πnr )∣j )[σ]@ζ(D′ )[σ]
id 2
and ζ((D ⋅ πnl )∣i )[σ]@ζ((D ⋅ πnr )∣j )[σ] & ⟨γ∥(D ⋅ πnl )∣i [σ], (D ⋅ πnr )∣j [σ]⟩
BEYOND CAUSAL MODELS: A SHEAF MODEL FOR π
55
Nu, (RH). We consider the case of a ν rule, i.e. one has a transition
σ+⌜a⌝
id
⟨γ∥D[σ], M0 ⟩ ←Ð ⟨γ∥(D ⋅ νn )∣i [n + 1 ÐÐÐ→ γ, a], M0 [γ ⊂ γ, a]⟩
id
with C & ⟨γ∥D[σ]⟩. We want to show that there exists a transition C ←Ð C ′ with C ′ & M ′ .
Here again, we have to consider all three subclasses.
● The first rule is applied:
γ ′ ⊢ P = νa.P ′ +k R
h∶ γ ′
n
∼
−
σ∶ n → γ
P [σ ○ h] & ⟦P ⟧h [σ]
where (D ⋅ νn )∣i = ⟦P ⟧h+! . Then there are the following transitions
′
id
σ+⌜a⌝
h+!
C = P [σ ○ h] ←Ð P ′ [γ ′ , a ÐÐ→ n + 1 ÐÐÐ→ γ, a]@C0 [γ ⊂ γ, a]
σ+⌜a⌝
h+!
with P ′ [γ ′ , a ÐÐ→ n + 1 ÐÐÐ→ γ, a]@C0 [γ ⊂ γ, a] & ⟦P ′ ⟧h+! [σ + ⌜a⌝]@M0 [γ ⊂ γ, a]
where ⟦P ′ ⟧h+! [σ + ⌜a⌝]@M0 [γ ⊂ γ, a] = M ′ .
● The second rule is applied:
n ⊢D D
σ∶ n → γ
ζ(D)[σ] & D[σ]
There is a transition
σ+⌜a⌝
id
ζ(D)[σ] ←Ð ζ((D ⋅ νn )∣i )[n + 1 ÐÐÐ→ γ, a]@C0 [γ ⊂ γ, a]
σ+⌜a⌝
and ζ((D ⋅ νn )∣i )[n + 1 ÐÐÐ→ γ, a]@C0 [γ ⊂ γ, a] & M ′ .
● The third rule is applied:
n ⊢D D, D′
σ∶ n → γ
(ζ(D) ∣ ζ(D ))[σ] & D[σ], D′ [σ]
′
Then M0 = D′ [σ]@M1 , and there exists transitions
(ζ(D) ∣ ζ(D′ ))[σ]
id
←Ð ζ(D)[σ]@ζ(D′ )[σ]
σ+⌜a⌝
id
←Ð ζ((D ⋅ νn )∣i )[n + 1 ÐÐÐ→ γ, a]@ζ(D′ )[σ]@C0 [γ ⊂ γ, a]
Tick and Tau, (RH). We now consider the cases ♡ and τ , i.e. when one has a transition
ξ
⟨γ∥D[σ]@M0 ⟩ ←
Ð ⟨γ∥(D ⋅ ξn )∣i [σ]@M0 ⟩
where ξ ∈ {♡, τ }, with C & ⟨γ∥D[σ]⟩. We want to show that there exists a transition
id
C ←Ð C ′ with C ′ & M ′ . Again, all three subcases have to be considered.
● The first rule is applied:
γ ′ ⊢ P = ξ.P ′ +k R
h∶ γ ′
∼
−
n
σ∶ n → γ
P [σ ○ h] & ⟦P ⟧h [σ]
with (D ⋅ ξn )∣i = ⟦P ⟧h . Then
′
ξ
P [σ ○ h] ←
Ð P ′ [σ ○ h] & ⟦P ′ ⟧h [σ]
56
C. EBERHART, T. HIRSCHOWITZ, AND T. SEILLER
● The second rule is applied:
n ⊢D D
σ∶ n → γ
ζ(D)[σ] & D[σ]
Then
ξ
ζ(D)[σ] ←
Ð ζ((D ⋅ ξn )∣i )[σ] & (D ⋅ ξn )∣i [σ]
● The third rule is applied:
n ⊢D D, D′
σ∶ n → γ
(ζ(D) ∣ ζ(D ))[σ] & D[σ], D′ [σ]
′
Then M0 = D′ [σ]@M1 . Then
id
ξ
(ζ(D) ∣ ζ(D′ ))[σ] ←Ð ζ(D)[σ]@ζ(D′ )[σ] ←
Ð ζ((D ⋅ ξn )∣i )[σ]@ζ(D′ )[σ]