The category-theoretic solution of recursive ultra-metric space equations

We give a short description of our implementation in Coq supporting the construction of category-theoretic solutions to recursive ultra-metric space equations for domain theory. This is one step in our efforts to provide a category-theoretical foundation for program semantics and program logics.

Introduction

One particular difficulty in defining a denotational semantics for concurrent higher-order imperative programming languages is the fact that their models are solutions to recursive and sometimes circular equations. The same applies to defining the semantics of program logics for verification of programs written in these languages, because a programming language's semantics is usually used to reason about the soundness of such program logics. To be more specific, to interpret an imperative programming language with higher-order store we need a model of the program's heap, $W = \mathbb{N} \rightharpoonup_{fin} T$ (usually referred to as worlds in Kripke-style semantics), that maps memory locations to types. Here, finiteness indicates that only a finite number of memory locations are allocated. On the other hand, to interpret types, we need to interpret reference types ("ref τ" for a type τ) depending on the world (state of the heap) at hand. That is, ref τ for a world w should be interpreted as the set of memory locations that have type τ in w. Hence, types should be interpreted as $T = W \to_{mon} 2^V$, where V is the set of values (including memory locations). The monotonicity requirement is for the sake of coherence: allocating more memory locations should not shrink the set of values of a type, and in the case of reference types it should indeed increase them. This evident circularity is the main cause of the difficulties faced in defining the semantics of such programming languages. This is best explained in [2].
Solution in M-categories

Such recursive and circular domain-theoretic equations are usually solved in a category enriched over a category with extra structure which allows the construction of such solutions. These solutions are usually in the form of fixed points of some functors, unique up to isomorphism. Such a method is presented in [1] and compared to some other relevant works. In [1], the extra structure is that of a non-empty complete bounded ultra-metric space. An ultra-metric space consists of a set M and a distance function $\delta : M \times M \to \mathbb{R}$ to the positive real numbers such that:

UM-1 $\forall x, y.\ \delta(x, y) = 0 \Leftrightarrow x = y$
UM-2 $\forall x, y.\ \delta(x, y) = \delta(y, x)$
UM-3 $\forall x, y, z.\ \delta(x, y) \le \max(\delta(x, z), \delta(y, z))$

An ultra-metric space is complete if every Cauchy sequence has a limit. It is bounded if the codomain of δ is the set [0, b] for some b ∈ ℝ instead of ℝ. A function f : M → M′ from one ultra-metric space to another is called non-expansive if δ′(f(x), f(y)) ≤ δ(x, y) and contractive if there is a c

ML-4 Appr(X) is a subset of X of approximation elements
ML-5 $\forall a.\ a \in Appr(X) \to \bot \sqsubset a$
ML-6 $\forall a.\ \bot \sqsubset a \to \exists b \in Appr(X).\ b \sqsubseteq a$
ML-7 $\forall a.\ (\forall b \in Appr(X).\ a \sqsubset b) \to a = \bot$
ML-8 $(\forall a \in Appr(X).\ \exists b \in Appr(X).\ b \sqsubset a) \lor (\exists c \in Appr(X).\ \forall a.\ a \sqsubset c \to a = \bot)$

Conditions ML-1 and ML-2 imply that X is a complete meet-lattice (in the order-theoretic sense). The elements ⊥ and ⊤ respectively play the role of 0 and b (the bound). In practice we only care about approximations (e.g., of limits) for distances in Appr(X). For instance, one can work with real numbers but only care about approximation of limits up to rational numbers. The rest of the conditions allow us to prove that defining limits with approximations up to approximation elements has the desired properties, e.g., uniqueness and Banach's fixed point theorem.
The disjunction and existential quantifiers in Condition ML-8 are respectively represented as sum types and Σ types (dependent sum types) to allow their elimination in computational contexts. The notion of M-lattice as described above allows us to develop a general theory of ultra-metric spaces. It allows us to prove the general properties required, e.g., the fact that CBULT_ne itself forms a complete cartesian-closed M-category. In [3], the authors only provide support for bisected ultra-metric spaces. We represent bisected spaces by providing an M-lattice whose elements are monotone functions (in Coq) f : ℕ → Prop. By monotone we mean ∀n, m. m ≤ n → f(n) → f(m). In this encoding ⊤ is (fun n ⇒ False), ⊥ is (fun n ⇒ True), and f ⊑ g iff ∀n. g(n) → f(n) (note the order of implication). The distance of two elements of a bisected ultra-metric space is then defined as

$$\delta(x, y)(n) = \bigwedge_{0 \le i \le n} x(i) = y(i)$$

which is obviously monotone.

Contractiveness

In order to represent contractiveness without a contraction factor c, we use a function called the contraction rate, ρ : L → L, where L is the M-lattice representing distances. It is required that ρ is monotone, non-expansive (∀x. ρ(x) ⊑ x), contractive for positive distances (∀x. ⊥ ⊏ x → ρ(x) ⊏ x), and that $\forall x, y \in Appr(L).\ \exists n \in \mathbb{N}.\ \rho^n(x) \sqsubset y$. Intuitively, and practically in our definition of contractive functions, ρ(x) plays the role of (c · x). In [3], working with bisected spaces, the authors require a contractive function f to satisfy the rather strong condition that δ(f(x), f(y)) ≤ $2^{-n}$.

Equality

In our definition of an ultra-metric space in Coq we have used the conditions of ultra-metric spaces specified above verbatim. For equality, we have used Coq's internal definition of equality. This is contrary to [3]. There, the authors use setoids to have custom equalities. In particular, they want to say two elements are equal if their distance is less than $2^{-n}$ for any n ∈ ℕ.
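As an added illustration (not code from the paper's Coq development; the names BDist, bd_rate and the rest are ours), the following spells out the bisected M-lattice encoding above together with a level-shifting contraction rate and a proof that it is non-expansive. It assumes that elements of the bisected space are represented as level-indexed sequences nat → A, so that the distance above can be written out directly.

```coq
(* Added illustration of the bisected M-lattice encoding; not the paper's
   own development, and all names here are ours. *)
Require Import Lia.

(* A distance is a monotone predicate on levels: holding at level n
   forces it to hold at every lower level m <= n. *)
Record BDist : Type := {
  bd_pred : nat -> Prop;
  bd_mono : forall n m, m <= n -> bd_pred n -> bd_pred m
}.

(* Top (greatest distance) is everywhere False, bottom is everywhere True. *)
Definition bd_top : BDist :=
  {| bd_pred := fun _ => False; bd_mono := fun _ _ _ H => H |}.
Definition bd_bot : BDist :=
  {| bd_pred := fun _ => True; bd_mono := fun _ _ _ _ => I |}.

(* f below g iff g's predicate implies f's (note the reversed implication). *)
Definition bd_le (f g : BDist) : Prop := forall n, bd_pred g n -> bd_pred f n.

(* Distance of two level-indexed sequences (our assumed representation of
   elements): the predicate holds at n when x and y agree on levels 0..n. *)
Definition agree {A : Type} (x y : nat -> A) (n : nat) : Prop :=
  forall i, i <= n -> x i = y i.

Definition bd_dist {A : Type} (x y : nat -> A) : BDist.
Proof.
  refine {| bd_pred := agree x y |}.
  unfold agree. intros n m Hmn H i Hi. apply H. lia.
Defined.

(* Contraction rate rho: shift a distance one level down, so that
   rho(d)(n+1) = d(n) and rho(d)(0) is trivially satisfied. *)
Definition rate_pred (d : BDist) (n : nat) : Prop :=
  match n with O => True | S k => bd_pred d k end.

Definition bd_rate (d : BDist) : BDist.
Proof.
  refine {| bd_pred := rate_pred d |}.
  unfold rate_pred. intros n m Hmn H.
  destruct m as [|m']; [exact I |].
  destruct n as [|n']; [exfalso; lia |].
  exact (bd_mono d n' m' (le_S_n _ _ Hmn) H).
Defined.

(* Non-expansiveness in the sense used above: rho(d) is below d. *)
Lemma bd_rate_nonexp : forall d, bd_le (bd_rate d) d.
Proof.
  intros d n Hd. destruct n as [|m]; [exact I |].
  exact (bd_mono d (S m) m (le_S m m (le_n m)) Hd).
Qed.
```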
We prove this using the axioms of functional and propositional extensionality.

M-categories

In our development, M-categories are simply categories where the morphism sets form a complete bounded ultra-metric space. Note that we don't require the rather restrictive condition of non-emptiness. To compensate for this, we require the user to provide a morphism f : 1 → F(1, 1) for the construction and proof of uniqueness of the fixed point of F. Here 1 is the terminal object of the category. This is the only place where non-emptiness is actually used in the construction and proofs. The authors of [3] drop the non-emptiness condition just as we have done. Categories in [4] are represented using records. We define M-categories as a record as follows:

    Record MCat (L : MLattice) : Type := {
      MC_Obj : Type;
      MC_Hom : MC_Obj -> MC_Obj -> (Complete_UltraMetric L);
      MC_compose : forall {a b c : MC_Obj},
        NonExpansive (product_CUM (MC_Hom a b) (MC_Hom b c)) (MC_Hom a c);