Towards a Mathematical Operational Semantics
Daniele Turi* Gordon Plotkint
[email protected]
>
[email protected]
>
Department of Computer Science
Laboratory for Foundations of Computer Science
University of Edinburgh, The King’s Buildings
Edinburgh EH9 352, Scotland
Abstract
W e present a categorical theory of ‘well-behaved’
operational semantics which aims at complementing
the established theory of domains and denotational se-
mantics to form a coherent whole. I t is shown that, i f
the operational rules of a programming language can be
modelled as a natural transformation of a suitable gen-
eral form, depending on functorial notions of syntax
and behaviour, then one gets the following for free: an
operational model satisfying the rules and a canonical,
internally f u l l y abstract denotational model which sat-
isfies the operational rules. The theory is based on dis-
tributive laws and bialgebras; it specialises to the known
classes of well-behaved rules for structural operational
semantics, such as GSOS.
Introduction
Operational semantics, a fundamental tool in lan-
guage design and verification, provides a formal de-
scription of the behaviour of programs. It is often
defined in terms of atomic, elementary transitions, de-
scribing local behaviour. Mathematically, these trans-
itions can be modelled as the elements of a relation, the
intended operational model of the language. A con-
venient way of specifying such a transition relation i s
by induction on the structure of the programs, starting
from suitable operational rules for the basic constructs
of the language [Zl].
Traditionally, operational semantics is contrasted
with the mathematical interpretation of programs
called denotational semantics, where programs are
*Research supported by EuroFOCS.
Research supported by an EPSRC Senior Fellowship.
1043-6871/97 $10.00 0 1997 IEEE
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
mapped into a suitable semantic domain endowed with
an operation for each construct of the language. Both
operational and denotational semantics are necessary
for a complete description of a programming language:
the former for specifying the execution of the programs
and the latter for reasoning about them in terms of
abstract, mathematical entities. It is therefore funda-
mental that a denotational semantics be adequate, ie
that it determines the operational behaviour of pro-
grams [24].
For languages without variable binding, but possibly
multi-sorted, a denotational model can be seen as a
C-algebra, where C is the signature of the language
corresponding to the basic constructs. The programs
themselves form the initial such E-algebra and the cor-
responding unique homomorphism from the programs
to the denotational model is called initial algebra se-
mantics [121.
The semantic domain, ie the carrier of the denota-
tional model, can often be regarded as the final solu-
tion of a domain equation X E B ( X ) , for a suitable
‘behaviour’functor B. In other words, the semantic do-
main is the final B-coalgebra. The transition relations
may also be seen as B-coalgebras and, therefore, so
can the intended operational model of a language. The
corresponding unique coalgebra homomorphism, given
by finality, from the intended operational model to
the semantic domain is called final coalgebra semantics
[ 2 , 231; under suitable assumptions on B,it is fully ab-
stract with respect to behavioural equivalence. When
initial algebra and final coalgebra semantics coincide,
one has an adequate denotational semantics [23].
Adequacy proofs can be quite demanding, hence
general criteria ensuring adequacy are of interest.
For process algebras, as used for specifying non-
deterministic and concurrent programs [17, 5 ] ? there
exist syntactic restrictions on the format of the oper-
280
ational rules which ensure that bisimulation [17] is a
congruence. Among the rules in these formats, GSOS
rules [B] are the best known and (negative) tree rules
[ll]are the most general. In [22], the ‘processes as
terms’ method, based on such a congruence result, is
presented which allows for the systematic derivation of
adequate denotational models from ‘tyft rules’ [13], a
class of rules equivalent to tree rules.
We present here a categorical reformulation and gen-
eralisation of the above adequacy meta-results. First,
we show that certain sets R of GSOS rules can be
modelled as natural transformations [RIdepending on
the functorial notions of signature C and behaviour
B. Next, it is shown that the mapping RI-) [RI is
an essentially 1-1 correspondence. The naturality of
[RIaccounts for the syntactic restrictions on the oc-
currences of meta-variables in GSOS rules and provides
a categorical explanation of their good behaviour.
The first advantage of the above approach is that
the GSOS rules can be modelled not only in Set, but
also in every category with enough structure such as
the category of cpos and continuous functions used in
denotational semantics. This is a step towards bridging
the gap between operational and domain theory.
A second advantage is that the mathematical mod-
elling of the rules is a useful semantic tool in the in-
vestigation of syntactic formats. For instance, in See
the ‘dual’ of the type of natural transformation cor-
responding to GSOS also corresponds to an interesting
format, namely the safe tree rules: these form a natural
subclass of (negative) tree rules which always possess a
satisfying transition relation. Interestingly, the failure
to fit the class of (simple negative) tree rules in the
present approach brought to light a slight inaccuracy
in the literature and, eventually, led to the discovery
of the safe tree rules.
A third advantage is that by varying C and B a wide
variety of notions of program constructs and behaviour
can be accommodated. (See also [30].) Further, one
can study abstract notions of operational rules p, such
as ‘abstract GSOS’ and ‘abstract tree rules’, applicable
to languages other than process algebras and whose
properties can be studied in general.
In this theory we assume that C freely generates
a monad T which is thought of as corresponding to
the syntax of the language. The first result is that
such abstract operational rules p induce an operational
monad T, lifting the monad T to the B-coalgebras, ie
to the operational models, in the sense that its action
on the carriers is the same as the monad T .
If p is of abstract tree rules form rather than ab-
stract GSOS, then, by duality, one first coinductively
derives a denotational comonad D,. The assumption
281
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
here is that the functor B cofreely generates a comonad
D which should correspond to the global behaviours
of the language. The comonad D, is a lifting of this
comonad D to the E-algebras, ie to the denotational
models. However, one can still speak of the opera-
tional monad defined by some abstract tree rules be-
cause a general theorem shows that liftings of D to the
E-algebras and liftings of T to the B-coalgebras are in
1-1correspondence.
In fact, these liftings are also in 1-1correspondence
with the distributive laws X of the monad T over the
comonad D., which generalise both abstract GSOS and
abstract tree rules. One is led now to consider the bial-
gebras of such distributive laws. When X corresponds
to some abstract operational rules p, the A-bialgebras
can be seen as combinations of operational and denota-
tional models which satisfy the rules. Henceforth they
are called p-models; they specialise to the GSOS mod-
els of 6251 and to models of tree rules (with an appro-
priate definition).
The primary fact about pmodels is that, from res-
ults in [15], it easily follows that the forgetful functors
to each of the categories of denotational and opera-
tional models have adjoints. One adjunction implies
that there exists an initial pmodel -the intended oper-
ational model T,(O)for the initial algebra of programs.
By the definition of morphism of pmodels, this also
implies that every gmodel is adequate with respect to
the intended operational model in the sense that the
behaviour of the programs can be determined from any
gmodel up to a generalised, coalgebraic notion [4, 161
of bisimulation.
The other adjunction implies that there exists a final
p-model - the canonical denotational model D, (1)over
the final coalgebra of abstract, global behaviours. It
is necessarily adequate; further, it is internally fully
abstract with respect to coalgebraic bisimulation. The
derivation of this final model specialises to the above
mentioned processes-as-terms method.
The unique homomorphism from the initial to the
final pmodel is both the initial algebra and final coal-
gebra semantics for the abstract rules p. It is called
here universal semantics; it is the most abstract com-
positional interpretation of programs preserving beha-
vioural distinctions. Moreover, if the behaviour functor
B satisfies a certain mild condition, every pmodel has
a greatest (generalised) bisimulation which, moreover,
is a (generalised) congruence. This specialises to the
fact that bisimulation is a congruence for GSOS and
for tree rules.
The generalised, coalgebraic notion of bisimulation
considered here is to be understood as the behavioural
equivalence corresponding to the functor B under con-
sideration. It might take forms quite different from empty set. In general, the type B of the behaviour of
ordinary (strong) bisimulation. For instance, for the the above language is
behaviour functor in [14] it specialises to the much
coarser (complete) trace equivalence. As a corollary, BX = (?fix)" (2)
one has an abstract format of rules ensuring that trace the (covariant) functor mapping a set X to the set of
equivalence is a congruence [30].

-
functions from A to finite subsets of X .
To some extent, one can also deal with weak bisimu- Let x and 9 range over X , range over (PfiXIA, and
lation in this setting. As shown, eg in [13], weak bisim- let us write a {XI,. . . ,z,} for the function from A to
ulation for a given set of rules can be reduced to strong PfiX mapping a to { X I , 2,) and all other elements
~ ~ ~

bisimulation by adding three special rules for the T- of A to the empty set. Then, for each operator U of the
action. (See also [3].) These rules are in the tyft/tyxt signature, the corresponding rules can be modelled as
format, but they can be compiled into safe tree rules, a function
hence the present theory can be applied. This way of
dealing with weak bisimulation is quite indirect, but ].[I : (xx ( P ~ x ) ~ d) (PfiTX)"
~ ~ ~ ~ ~ ( ~ )
that just reflects the absence of an established denota-
tional model for it. A more direct treatment of weak as follows.
bisimulation might arise following [9]. [nil] = ae.O
I[ .PI
n(x7 = a- {x}
1 The Motivating Example: GSOS
ix' II Y I x' E P(a))
Consider the language with signature C consisting of (%P)U II ] ( Y , P ' ) = a U
a constant symbol 'nil', a set of unary action prefixing { x II Y' I Y' E P'(4
operators indexed by a finite set A of actions ranged Using the universal property of coproducts, these func-
over by a , and a binary parallel composition operator tions can then be glued into a single function, say
')I7. This signature freely generates, for every set X of
variables x,the set T X of terms t given by the abstract [R]x1 LI ( u A ( X x B X ) ) LI ( X x B X 1 2 + B T X
grammar
. I - x I nil I a . t I t 11 t
t ..- Note one has a function [R]xfor each set X of vari-
ables. In fact, one should think of the variables in the
This set T X is the carrier of the free C-algebra over X , rules as being "eta-variables'. Most importantly, the
where, in general, a C-algebra is given by a (carrier) set above definition of [R]x is natural in X : for every
Y and a function h mapping each operator U of arity n renaming of the variables (possibly involving equating
in the signature to a function of type Y" -+ Y . More some of the variables), first renaming and then apply-
concisely, the function h can be written as ing the rules is the same as first applying the rules and
then renaming. As shown in $5 and $7 the naturality
h: yar,tY(') +y of [RIexplains the good behaviour of R.
(1)
UEC More generally, let A, and Bi range over subsets of
A and let R be a set of rules of the form
using the disjoint union functor 'U' (coproduct in Set)
to glue the interpretation of the various operators to-
gether. \"I
Next, let the operational rules R inductively defin- U(X1, ...,2") At
ing the (labelled) transitions performable by the pro- which is image finite in the sense that there are finitely
grams of the above language be many rules for each operator CT in C and action c in A.
For every set X , one can associate to R a function
a.5 A-2 x3 x 1 4YP Y
x II Y 4 I1 Y x II Y -% 2 II Y' I[R]x: ( X x (PfiX)")aety(u)3 (PfiTX)A (4)
oEC
For instance, the simple program ( a .nil) 11 ( U . nil) can
either perform the action a becoming nil 11 (a' nil) or as follows. For all t in T X , c in A , x, in X , and B, in
perform a becoming ( a . n i l ) 11 nil. The (local) beha- ( R A A ,put
viour of this program can be modelled as the function
t E I[~]lX(~((~l,Pl),...~(~",P"))>~C~
from A to finite subsets of terms mapping a to the set
{ ( a .nil) 11 nil, (a nil) 11 nil} and all other actions to the if and only if the following condition holds.

282
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
Condition 1.1 There exists a (possibly renamed) rule
(3) in R such that {Y:~, . . . ,yTm;} is a subset of &(a),
for a in Ai, and ,&(b) is empty, for b in Bi. U
Note the function [R]x does not need to be natural in
the set X .
Definition 1.1 (GSOS [ 8 ] ) A GSOS rule is a rule of
type (3) such that the xi and ya. are all distinct and,
1.3
moreover, these are the only variables which can occur
in the term t. U rules is image finite.
Two sets of rules are called equivalent if they prove
the same rules in the sense of [ll,Def. 2.51.
Theorem 1.1 (GSOS is natural) There is a corres-
pondence between natural transformations of type
( X x (PfiX)A)"'itY(U)+ (PfiTWA
UtC
and image finite sets of GSOS rules for a signature C
(over a fixed denumerably infinite set of variables V ) .
Moreover, this correspondence is 1-1 up to equivalence
of sets of rules.
Proof. We just describe the correspondence. One
direction is given by the above mapping R t)[RI.
As for naturality, let us introduce some useful
abbreviation first: for every function f : X + X',
write f* for the function (Pfif)A, I' for the set
[Rnx(a((xl,P1),...,(Zn,Pn)))(C), and r' for the set
[R]x~(a((fxl,f*Pl),. * . , (fxn,f*Pn)))(c). Then the
claim is that
and, conversely,
2. tlt E r', 3t E r, t' =( ~ j ) ( t )
Consider the first clause. If t is in r then Con-
dition 1.1 holds. Clearly, &(b) = 0 if and only
if ( f * & ) ( b ) = 0, and {yfl,. . . , y&,} C ,&(a) implies
{fyfl, . . . ,fy&;} 5 ( f * & ) ( a ) ,therefore ( T f ) ( t )is in
I", because the xi and yrmp are the only variables oc-
curring in the rule. For the second clause, one also uses
the fact that the xi and the yrm; in a GSOS rule are all
distinct, hence the value of I" does not depend on any
of the possible identifications made by the renaming
function f .
In the converse direction, given a natural transform-
ation px of type ( 5 ) , one can define a set of rules as
follows. Let V be 21, z 2 , . . . and let z 3 (yl, . . .,yk}
be an abbreviation for x 4 y1,. . . ,x -% yk. Choose
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
Pi(a)= {y$ I j = 1,.. . ,m%}so that the xi and y$ are
all distinct. Then write a rule
whenever t E P X ( ~ ( ~ I , P. .I. ),(xn,Pn)))(c)
, and
Ai = { a E A I Pi(a) # 0). Naturality ensures this is a
GSOS rule. It can be further shown that naturality
and the finiteness of A ensure that the resulting set of
0
We do not understand this situation for infinite A ,
although the above definition of [RIstill works.
2 @SOS is Categorical
In this section, let C be a distributive category with
(5) infinite coproducts and a commutative free semi-lattice
monad Pf.The claim is that GSOS rules can be mod-
elled in every such category.
Note, first, that to every signature C one can asso-
ciate an endofunctor on Set with the same name:
UEC
Clearly, this definition also makes sense in C.
Next, rewrite BX = as B X = (1 P ~ x + )~,
which, again, makes sense in C: the power Y A is the
product nA Y , Pfis the free semi-lattice monad which
in Set is the relevant part of the endofunctor Pfi ob-
tained by removing the empty set, and '+' is just an-
other notation for the binary coproduct.
It remains to generalise T . For this, let C be
an arbitrary endofunctor on C and let C-Alg be the
corresponding category of E-algebras: objects are
pairs ( X , h ) , where the 'carrier' X is an object and
the 'structure' h : EX +
X is a morphism of
C ; the 'homomorphisms' f : ( X ,h) -+ ( X ' , h') are the
morphisms f : X -+ X' between the carriers such that
f o h = h' o (Cf). If the forgetful functor
U' : C-Alg 4 C ( X ,h) X
mapping E-algebras to their carriers, has a left adjoint
FE,then the corresponding monad
T = UCFE (7)
is the monad freely generated by C .
For finitary endofunctors C as the one above, it suf-
fices that C has w-colimits for the adjunction F C i U c
to hold and T to be defined. Thus one can take T
to be the monad freely generated by the endofunctor
283
E X = U U E C X""t"(u)m In Set, its value T X at a set
X is the set of terms corresponding to the operators
o of the signature and with variables x in X ; the unit
qx : X + T X is the insertion-of-variables function
which maps a variable x in X to the same variable but
seen as a term; and the multiplication px : T 2 X + T X
is the operation which allows one to plug terms into
contexts ~ responding to B X =
Theorem 2.1 For any image finite set R of GSOS
rules, a natural transformation
[RJJ
: (Xx (1+ PfX)A)apzty(o)-+ (1+ P f T X ) A
UEC
can be defined in the internal language of distributive
categories with infinite coproducts and a commutative
free semi-lattice monad P'. In the case of Set it spe-
cialises to the transformation (4).
Proof. The transformation IR]in (4)can be defined
categorically using: projections and injections, pairing
and copairing, and the associativity, symmetry, unit,
and distributive laws for products and coproducts; the
unique map to the final object 1; the unit and the free
structure of the monad T ; the join of free semi-lattices;
the unit and the strength of the commutative monad
Pf. (The use of the strength depends on the assumption
that, because R is image finite and A is finite, for each
operator the set of rules is finite.) U unguarded recursion by realising the abstract rules, for
The characterisation of GSOS given by the above
theorem allows one, for instance, to realise GSOS rules
in the category of cpos and continuous functions as
used in domain theory, rather than in Set.
3 Abstract GSOS
In general, given a Cartesian category C and arbit-
rary functorial notions of program constructs C and
behaviour B on C, with C freely generating the syntax
T, one can define a corresponding abstract notion of
operational rules as the natural transformations p of
type
C(1d x B ) + BT (8)
We shall need the following characterisation
Proposition 3.1 There is a 1-1 correspond-
ence between natural transformations of type
C(1d x B ) + BT and those of type C(T x BT) =+- B T .
Proof. One direction of the correspondence is given by
the mapping p t)e = B p o p~ : C ( T x B T ) + BT, for
p : C(1d x B ) + B T . In the converse direction, simply
precompose e : C ( T x B T ) =+- BT with C ( q x Bq). U
284
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
Several examples illustrating the use of the general-
ity of (8) are given in [30]. Here is a brief summary
thereof. Firstly, the operational rules of deterministic
programs with exceptions and side-effects can be mod-
elled instantiating (8) with the behaviour endofunctor
+
BX = (S. (1 X ) ) s , where S.Y is the copower Y. us
As shown below, the behavioural equivalence cor-
is bisimulation; a coarser
equivalence, namely trace equivalence, can be obtained
by considering the endofunctor BX = 1 A . X on the +
category SL(C) of semi-lattices in a category C. (This
is a simplified version of the behaviour in [14].) The
program construct endofunctor to be considered then is
E' : SL(C) -+SL(C), a monoidal generalisation of the
endofunctor C on Cartesian categories. For instance,
+
for the language of 81, C'X = 1 H A X ( X 8 X ) , +
where '8,is the tensor product of semi-lattices.
Note that (8) can be instantiated to rules not only
for single-sorted languages but also for multi-sorted
ones; it suffices to work with signatures (and beha-
viours) over 'power categories'.
Finally, we briefly consider recursion. GSOS stands
for 'SOS for non-deterministic programs with guarded
recursion9, because the full definition also allows for
definitions of programs by guarded recursion. In [30],
a functorial notion of guard is given which allows one
to generalise the definitions by guarded recursion to
abstract rules of type (8). Moreover, one can also treat
instance, in the category of cpos and partial continuous
functions and exploiting algebraic compactness. This
involves precomposing the endofunctor C with the lift-
ing endofunctor, so that one freely generates not only
finite but also partial and infinite terms, the latter be-
ing used to unfold recursive definitions of programs.
4 Coalgebras
The intended operational model of a set of con-
crete GSOS rules is the least relation R C 2'0 x A x T0
which satisfies the rules, where x 4 IC' stands for
(2, a, IC') E R. In general, a relation of type X x A x X
is called a labelled transition system [21] with set of
states X and set of labels A.
For image finite sets of GSOS rules it suffices to con-
sider image finite transition systems, where, for each
state and each action, the image of the transition re-
lation is a finite set. These are in 1-1 correspondence
with functions k : X + (PfiX)A as follows.
2 4 2' e IC! E @)(a) (9)
If, as considered here, the set A is finite, then image
finite transition systems cut down to finitely branch-
ing transition systems, where for each state, the set of
outgoing transitions is finite.
A function k : X -+ (PfiX)Ais a coalgebra of the
endofunctor BX = on Set. Formally, given an
endofunctor B : C -+ C, a B-coalgebra is a pair (X, k),
where the carrier X is an object and the structure
k : X -+ BX is a morphism of C. One often identifies
a coalgebra (X, k) with its structure k.
The B-coalgebras form a category B-Coalg, with ho-
momorphisms f : (X,k) + (X', k') the morphisms
f In general, final coalgebras need not exist, but if C
x-X'
BX - Bf
BX'
f : X + X' between the carriers such
k' o f = (Bf) o k. Note the forgetful functor
UB : B-Coalg -+ C (X,kC)
mapping coalgebras to their carriers.
For BX = the coalgebra homomorphisms
are, up to the correspondence (9), the same as the P-
open morphisms of [16], where P is a suitable category
of finite sequences of actions. (Thus, for this choice
of B, B-Coalg is a proper subcategory of the standard
category of transition systems [31].) As a consequence,
two transition systems are (strongly) bisimilar 1171 if
and only if there is a span of coalgebra homomorphisms
between them. This leads to the following coalgebraic
notion of bisimulation, a mild generalisation of the one
in [4].
Definition 4.1 (Coalgebraic Bisimulation) A B-
bisimulation between two coalgebras (XI, kl ) and
( X 2 , k z ) of an endofunctor B is a triple (X,figf2)
such that such that there exists a coalgebra structure
k : X + BX making ((X, k), f ~f 2,) a span
y\ (Xl k)
(Xl,k2) (X2,k2)
of coalgebra homomorphisms f~ , f 2 .
One can form the category of B-bisimulations
between two coalgebras (XI,kl) and (X2, k2) of an
endofunctor B on a category C : the morphisms
9 . ( X , f l , f 2 ) + ( X p s f i , f ~a) r e t h o s e g : X - + X ' i i n C
(thus not necessarily coalgebra homomorphisms) such
that fi = f j o g, for i = 1,2.
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
Let B be an endofunctor on a category C with kernel
pairs and let the internal equality of a coalgebra (X, IC)
be the kernel pair (in the underlying category C) of the
identity on its carrier X . One can easily prove that:
Proposition 4.1 (Strong Extensionality)
Internal equality is the final B-bisimulation of
the final B-coalgebra. 0
has a final object I, and the forgetful functor Ug has a
sight adjoint Gg : C -+ B-Coalg, then G g l is the final
B-coalgebra. For the endofunctor BX = (PfiX)A on
Set, such a right adjoint Gg exists [6]. It follows [29,
$131 that the final coalgebra G g l is the set of rooted,
image finite trees, with branches labelled by a E A ,
that quotiented by (ordinary) bisimulation. This is the set
of 'abstract global behaviours', ie the (abstract) non-
deterministic processes.
x Semantically, the above strong extensionality result
specialises then to the fact that such a final coalgebra
i s internally fully-abstract [l]with respect to bisimu-
lation, ie its largest bisimulation is the equality, hence
bisimilar elements are indistinguishable.
5 Operational Monads
Definition 5.1 Let T and B be endofunctors on the
same category C. An endofunctor ? on the category
of B-coalgebras lifts the endofunctor T to the B-
coalgebras if UB? = T U B , ie the diagram
-
-
T
B-Coalg B-Coalg
iUB
C-C
T
commutes. (Cf [15].)
When both T and ? are monads, ? lifts the
monad T to the B-coalgebras if the forgetful functor
0
UB : B-Coalg -+ C (together with the identity natural
transformation) is a monad morphism [27] from ?,! to
T. 0
Remark 5.1 A monad ? lifts a monad T = (T,7,p )
to the B-coalgebras if and only if Ug? = TUB and, for
285
every B-coalgebra k : X + B X , the diagram T,(k) : TX + BTX to be the unique map

QX
TX- CTX

B
\xq i
BTX+ C(TX x BTX)
ex
commutes El given by the above theorem.

Consider now T to be the monad freely generated
by an endofunctor C. The adjunction F C i U ’ gives a
well-known structural recursion theorem which special-
ises to the ordinary recursion (or iteration) theorem for
natural numbers, covering the simplest form of prim-
itive recursive functions, but not others such addition,
multiplication, exponentiation, etc, which need para-
meters and ‘accumulators’. (By structural recursion
we mean definition by structural induction.) Here we
shall need the following ‘folklore’ structural recursion
theorem [20] with accumulators, ie with terms as para-
Proposition 5.1 If the morphism ex is natural in X ,
then the above construction k e T,(k) extends to a
monad T, lifting T to the B-coalgebras.
Proof. First one needs to prove that, for every coal-
gebra homomorphism f : ( X , k ) + ( X ‘ , k ’ ) , T f is a
coalgebra homomorphism, ie
T,(k‘) oTf = BTf oT,(k)
so that one can define T e f to be T f . For this,
simply note that both composites T~(lc’) o Tf and

-
meters of the recursive definition. BTf o T R ( ~fit) as the unique morphism
IX $X
X TX- CTX
T h e o r e m 5.1 (Structural Recursion) Let T be a
monad freely generated by an endofunctor C on a
Cartesian category C and let $x : CTX + TX be the
structure of the free C-algebra over an object X of e.
1 C ( i d ,!)

C(TX x BTX‘)
For all morphisms f : X + Y and h : C(TX x Y ) + Y
in C there exists a unique morphism f t : T X + Y in
C such that BTX’-
QX‘
I W69 4
C(TX’ x BTX‘)

given by Theorem 5.1, hence they must be equal. (The

naturality of e is essential here!)

Y - h
E(TX x Y )
Next, one has to verify that the endofunctor T,
lifts the operations of the monad T . From Re-
mark 5.1, it suffices to show that, for every coal-
gebra structure k : X + B X , T,(k) o qx = Bqx o k
and Tp(k) o p x = Bpx o T i ( k ) , ie the unit and the
commutes. multiplication of T are coalgebra homomorphisms. For
the unit, this is immediate by definition of the func-
tor T,, while for the multiplication one also needs to
Proof. Turn h into the E-algebra structure
use the naturality of p and the fact that p is defined
($x o C T ~h, ) : C ( T X x Y ) + T X x Y over the
by (ordinary) structural recursion on the free algebra
product T X x Y and then apply the ordinary structural
structure. 0
recursion theorem to it and (qx, f ) : X + TX x Y . U
Recall Proposition 3.1. For every map Definition 5.2 The operational monad induced by
some abstract operational rules p : C(1d x B) + BT,
is the monad Te corresponding to the composite nat-
ural transformation e = Bp o p~ : C(T x B T ) + BT.
and every coalgebra k : X + B X , define the coalgebra We write Tp for this monad. U

286
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
 Let us try and understand the operational monad
T, when p = [RI,
for R a set of concrete GSOS rules.
Firstly, applying p to TX amounts to instantiating
the meta-variables of the rules with the terms in TX.
Formally, in this way the term t in a GSOS rule (3)
might contain terms as variables: one needs to apply
to it the multiplication of the term monad T in order
to ‘unbracket’ it and obtain an elementary term. This
is achieved here by composing ~ T with X Bpx.
Next, recall the correspondence (9) between coal-
gebras k : X + BX = (PfiX)Aand image finite trans-
ition systems. By regarding X as a set of constants
rather than as a set of states, the correspondence (9)
can also be seen as being between coalgebras and sets
of 6-rules [8], ie axiom rules. Up to these two eorres-
pondences, one can then check that k ~ -Tp(k) t is the
usual construction of a transition system for a finite
set of GSOS rules R and a possibly infinite (but image
finite) set k of 6-rules. In particular, if X is the empty
set, hence k is the trivial coalgebra 0 : 0 + BO and
T X = T0 is the set of closed terms, this construction
gives the intended operational model for the rules.
These remarks hold for arbitrary rules of type (3)
and, correspondingly, to possibly non-natural functions
I[R]lx.The naturality of GSOS ensures that T, i s an
operational monad, which is essential for applying the
theory in $ 7 ~
6 ‘Dualising9GSOS: Tree Rules
The duality between algebras and coalgebras can be
exploited to find a format of rules ‘dual’ to abstract
GSOS as follows.
Let C and B be two endofunctors on a cocartesian
category C and let D = (D,E , 6 ) be the cofree comonad
generated by B , that is, the forgetful functor UB has a
right adjoint G B : C -+ B-Coalg and
D = UBGB
By the dual of Theorem 5.1 and Definition 5.1, every
natural transformation
e : CD + B ( D + C O )
coinductively defines a lifting D , of the comonad D to
the C-algebras:
h
E-Alg >C-Alg
c-c
D for ‘lookahead’, in that one can look not only at the
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
In particular, such a lifting can be obtained from nat-
ural transformations
p : CD 3 B(ld + E) (12)
by dualising Proposition 3.1 and putting
e = p o o C6 : CD + B ( D 4- ED). This is the de-
notational comonad D, coinduced by p.
Let C freely generate a monad T. In the next sec-
tion, Theorem 7.1 shows that liftings of the comonad
D to the E-algebras are in 1-1 correspondence with lift-
ings ~f the monad T to the B-coalgebras. Therefore,
if C corresponds to some program constructs and B to
some behaviour, every natural transformation p as in
(12) defines also an operational monad, say Tp (with a
slight abuse of notation) ~
As mentioned in $4? for the endofunctor
BX = (PfiX)A on Set the adjunction UB-iGB
exists. The value of the corresponding cofree comonad
D = UBGB at a set X is the set of ‘global behaviours
with states x in X’.Formally, it is a quotient of the
set of rooted, image finite trees, with branches labelled
by a E A , and nodes labelled by x E X; the quotient
is taken with respect to a form of bisimulation taking
into account the name of the nodes [29, $131. The
counit E : D + Id is the operation which extracts the
root from a tree and the comultiplication 6 : D =+ D2
is the operation which replaces the name of every node
in a tree by the subtree starting at that node.
Next, consider rules of type
where the Xk, y i , zi, and wj are all variables, and I and
J are countable, possibly infinite index sets. It is con-
venient to consider the dependency graph [13] of such
a rule, namely the directed graph having the variables
of the rule as nodes, zi -% y i , for i in 1 as ‘positive’
b.
(11) edges, and wj 4 as ‘negative’, targetless edges. A
rule of type (13) is well-founded if all backwards chains
of edges in its dependency graph are finite [13].
Definition 6.1 (Tree rules [lo, 111) A (simple
negative) tree rule is a well-founded rule of type (13)
such that the x k and the y i are all distinct variables
and are the only variables occurring in the rule (ie the
zi and wj are all occurrences of the x k and yi).
A tree rule is safe if the term t either is a variable
z or is of the form xi,. . . ,xi)for some operator
d of the signature and some (not necessarily distinct)
variables 2: . &. I a 0
Tree rules are more general than GSOS: they allow
287
local behaviour (a single transition x --% y ) of the
states like in GSOS, but also at the global one, as in
x -% y --+ b
y'. (See [13] for some examples.) The
safety restriction does not affect the expressive power
of the rules, provided one is allowed to add sufficiently
many auxiliary operators to the signature.
A tree rule (13) has the property that its depend-
ency graph is equal t o the graph reachable from the
nodes X I ,. . . ,z,. Moreover, the subgraph reachable
from a node xk is a tree - the dependency tree with
root Xk. Let us call a set of tree rules allowed if it is an
image finite set (in the sense of $1) of tree rules whose
dependency trees are image finite. Then, an allowed
set R of tree rules defines, for every X , a function
[R]x: C D X + ( P E T X ) ~
as follows.
For all t in T X , c in A, and dk in D X , put
t E IIRnx(.(dl,...,d,))(c)
if and only if there exists a (possibly renamed) rule
(13) in R such that the root of d k is xk, for 1 5 IC 5 n,
and the dependency trees of the rule can be embedded
in the d k (where the convention is that a tree with a
b Given a monad T = ( T , q , p ) and a comonad
negative edge wj can be embedded into d k only if
the variable in d k corresponding to wj does not have
an outgoing edge labelled by b j ) .
Theorem 6.1 (Tree rules are natural) Let D be
the comonad cofreely generated by the endofunctor
B X = ( P E x ) ~ on Set.
For every allowed set p of tree rules the function
[R]xin (14) is natural in X .
Proof. Similar to the proof of naturality in Theorem
1.1. Note the well-foundedness of tree rules is needed.
For instance, the non-well-founded rule with premise
x and conclusion a.x -%nil is not natural be-
-
2
cause: first applying [ a . ] to (x -% y ) and then renam-
ing y as x yields a {z}, while the same operations
but in the reverse order yield a {x,nil}, which fact
violates naturality. 0 o
In particular, if the rules in R are safe, the natural
transformation [RIis of type
C D 3 (",(Id + E))A
Therefore, for every allobed set R of safe tree rules
there exists a transition system which satisfies the
rules, namely T p ( 0 ) where
, p = [R] and Tp is the cor-
responding operational monad. Contrarily to what is
stated in [ll],this fails for (simple negative) tree rules,
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
as the failure t o fit these latter rules in the present the-
ory brought to light. In fact, the safe tree rules them-
selves have been suggested to us by Rob van Glabbeek
as a natural subclass of (negative) tree rules possessing
a satisfying transition system.
7 Combining Operational and Denota-
tional Models
When T is the monad freely generated by an en-
dofunctor C on a category C, then one can easily see
that the category E-Alg of algebras of the endofunc-
tor 'c is isomorphic to the category T-Alg of algebras
of the monad T = (Tg17, p ) , with objects those morph-
isms h : T X + X in C such that h o q x = id and
(14 h o T h = h o p x . Dually, the category B-Coalg of B-
coalgebras is isomorphic to the category D-Coalg of
coalgebras of the comonad D cofreely generated by B
[29, 571. The results in this section should be read up
to these two isomorphisms of categories
C-Alg T-Alg B-Coaig S D-Coalg
"*' Distributive Laws
D = (D,E,S)on a category C, a distributive law [7] of
the T over the comonad D is a natural trans-
formation X : T D + DT satisfying the laws
X O Q D = DQ X o p ~ =D p o X l - o T X
and their dual
T &= ET 0 X DX o AD oTS = 6~ o X
The following theorem may well be folklore.
Theorem 7.1 For a monad T and a comonad D on
the same category, the following notions are mutually
equivalent.
0 Distributive laws X of T over D .
Liftings ? of T to the D-coalgebras.
Liftings 5 of to the T-algebras.
Proof. Given a distributive law A, one can define the
corresponding liftings as follows.
T x ( k ) = Ax o T k Dx(h) = D h o Xx
Conversely, consider a lifting ?-of the comonad
D to the T-algebras, hence UDT = TUD. By
Lemma 1 in [15], this determines a distributive
288
law X of the monad T over the endofunctor model, and the pentagonal law (15) says that the com-
D as follows: first take the natural transforma- bination of the two models satisfies the rules p. Hence-
tion T E: UDFGD= TUDGD= T D T, then trans- * forth such bialgebras are called p-models.
-
pose it across the adjunction U0-l GD obtain-
*
ing 1:TGD GDT, and finally define A to be 7.3 Adequacy Meta-Results
VOX: U D T G D = TD 3 DT. It is easy to prove
that X actually is a distributive law over tke Consider the forgetful functor
whole comonad D. Dually, given a lifting D,
take 70 : D 3 DT = DUTFT = UTDFT, transpose it U’ : A-Bialg + D-Coalg (X, h, k) I+ (X, k)
across FTiUT obtaining : F T D 3 EFT,and define
X to be U T I : UTFTD = T D D T = UTEjFT. The which forgets the algebra structure of a A-bialgebra.
constructions are easily seen to be mutually inverse. 0
Theorem 7.2 U’ has a left adjoint, namely:
When T is syntax and D is (global) behaviour, the
type of the distributive law X might thought of as ‘the
most general type of well-behaved rules’. Note one can (X -% DX) I%
(T2X % TX +
(k)
DTX) TA

also consider monads T corresponding to algebraic the- Proof. Dualise Theorem 4 of [15]and apply it t o
ories, with equations between the derived operators.
(See [29, 8101 for an elementary example.) UX
D-Coaig- Dx-CoaIg
7.2 Bialgebras as Models

Given a distributive law X : T D jDT, one can con-

sider the category A-Bialg of A-bialgebras. Its objects C T-Alg
c---
UT
are pairs TX h,X -% DX of T-algebras and D-
coalgebras with a common carrier X which satisfy the where A-Bialg S Dx-Coalg by Remark 7.1. 0
following ‘pentagonal law’:
Corollary 7.1 The category of A-bialgebras has an
k 0 h = D h o Xx OTIC
initial object, namely FAO,where 0 is the trivial initial
(Cf [28].) This law makes h a coalgebra homomorph- D-coalgebra. 0
ism and k an algebra homomorphism. The morphisms In particular, there exists an initial pmodel, which
f : (X, h, k) -+ (XI, h’, IC‘) of A-Bialg are those morph- can be regarded as the intended operational model over
isms f : X + X’ between the carriers which are both the initial algebra of programs TO. This implies that
T-algebra and D-coalgebra homomorphisms. every pmodel M is adequate with respect to the inten-
ded operational model of p. Indeed, the unique pmodel
Remark 7.1 The A-bialgebras are the same as the a]-
homomorphism to M given by initiality is a denota-
gebras of the monad TAof Theorem 7.1, and, dually,
tional interpretation which preserves the behavioural
the same as the coalgebras of the comonad DA:
distinctions of the intended operational model. This
TA-Alg 2 A-Bialg % DA-Coalg makes M adequate.
Now, consider the ‘dual’ of UA,namely the functor
Remark 7.2 When X is the distributive law induced
by a finite set of concrete GSOS rules, the A-bialgebras UA : A-Bialg -+ T-Alg (X, h, k ) c) (X, h)
are the GSOS-models of [25]. 0
which forgets the D-coalgebra structure of a X-
Given a E-algebra h : E X -+ X , let h* : TX + X bialgebra. Correspondingly, the following is dual to
be its inductive extension to a T-algebra. When X is Theorem 7.2.
induced by some abstract operational rules p, no mat-
ter whether of type (8) or the dual (12), A-bialgebras Theorem 7.3 UA has a right adjoint, namely:
are equivalent to pairs E X h,X -% BX such that
(TX -% X ) %t (TDX D +
A(h)
DX 6x,D2X)
k o h = B(h*) o p x o E ( i d ,k ) (15)
Corollary 7.2 The category of A-bialgebras has a fi-
The algebra structure can be thought of as a denota- nal object, namely Gxl, where 1 is the trivial final
tional model, the coalgebra structure as an operational T-algebra. cl

289
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
 In particular, there exists a final pmodel which is
the canonical denotational model for p; it has the final
D-coalgebra as carrier which, as mentioned in $4, is in-
ternally fully abstract with respect to B-bisimulation.
The construction 1 e G e l = ( D l , De(l),SI) general-
ises the ‘processes as terms’ construction of [22], which
is a systematic method for deriving adequate denota-
tional models from ‘tyft rules’ [13] (a class of rules equi-
valent to the tree rules without negative premises [lo]).
For more details, see [30].
Corollary 7.3 The unique (both by initiality and fi-
nality) homomorphism from the initial to the final p
model is both the initial algebra semantics and the final
coalgebra semantics for p . 0 transitional approach considered here and others, such
The above, say, universal semantics for p is thus
a compositional interpretation of the programs which
preserves their behavioural distinctions. In Set, the
latter means that two programs with the same univer-
sal semantics are B-bisimilar. One can easily see that,
under the additional hypothesis that B preserves weak
pullbacks, the converse also holds: two programs have
the same universal semantics if and only if they are
B-bisimilar. In other words:
Corollary 7,4 If B preserves weak pullbacks, the uni-
versal semantics associated to some abstract rules p is
fully abstract with respect to B-bisimulation. 0
Next, recall Definition 4.1: by replacing spans of
coalgebra homomorphisms with spans of T-algebra ho-
momorphisms, one has a corresponding notion of T -
congruence which specialises to the ordinary notion
of congruence. Similarly, by considering spans of X-
bialgebra homomorphisms one has a notion of, say, X-
bicongruence and a corresponding category. We can
ask then whether there exists a final bicongruence for
a X-bialgebra. Now, if pullbacks of cospans of carri-
ers of B-coalgebras are B-bisimulations, then, by the
universal property of pullbacks, a final B-bisimulation
between two coalgebras exists: it is the pullback of the
respective unique coalgebra homomorphisms to the fi-
nal coalgebra. This is a T-congruence as well, because
the forgetful functor UT : T-Alg -+ C creates limits.
Therefore, by definition of final bialgebra:
Corollary 7.5 If B preserves weak pullbacks, then
every X-bialgebra has a final bicongruence. U J.C.M. Baeten and W.P. Weijland. Process Al-
In particular, the behavioural endofunctor B in (2) pre-
serves weak pullbacks, hence the above corollary spe-
cialises to the well-known fact that (strong) bisimula-
tion is a congruence for GSOS and tree rules.
290
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
f i ture Work
The major challenge ahead is the operational se-
mantics of the languages with variable binders, such
as the n-calculus and the X-calculus. (At the moment,
by working in a suitable functor category, we are able
to give a functorial description of syntax with variable
binders, but it is not yet clear whether this fits our pur-
poses.) We would also like to obtain adequacy results
when working in categories of partial maps.
There is an obvious question about Moggi’s compu-
tational monads [19] and our behaviour functors which
remains t o be investigated. In a different direction, we
would like to understand the relationship between the
as the the reductional one arising in the X-calculus and
term-rewriting in general.
Further developments of the present theory could
lead to applications in modular compiler development
technology. Perhaps there will be a useful theory of
the combination of operational semantics of different
languages (cf [18]). Again, perhaps one can relate the
operational semantics of a language with that of its
translation into another target language (cf [26]).
Acknowledgements. Thanks to Marcel0 Fiore and
Alex Simpson for discussions. Part of this study is
based on the first author’s thesis; he wishes to thank
Jaco de Bakker and Bart Jacobs for their guidance.
References
S. Abramsky. A domain equation for bisimulation.
Information and Computation, 92:161-218, 1991.
P. Aczel. Non-well-founded sets. Number 14 in
Lecture Notes. CSLI, 1988.
P. Aczel. Final universes of processes. In Math-
ematical Foundations of Programming Semantics,
Proc. 9th Int. Conf., volume 802 of LNCS, pages
1-28. Springer-Verlag, 1994.
P. Aczel and N. Mendler. A final coalgebra the-
orem. In D.H. Pitt et al., editors, Proc. category
theory and computer science, volume 389 of LNCS,
pages 357-365. Springer-Verlag, 1989.
gebra. Cambridge University Press, 1990.
M. Barr. Terminal coalgebras in well-founded
set theory. Theoretical Computer Science,
144(2):299-315, 1993.
[7] Jon Beck. Distributive laws. In B. Eckmann, ed-
itor, Seminar on Triples and Categorical Homo-
logy Theory, volume 80 of Lecture Notes in Math-
ematics, pages 119-140. Springer-Verlag, 1969.
B. Bloom, S. Istrail, and A.R. Meyer. Bisimulation
can’t be traced. Journal of the ACM, 42(1):232-
268, jan 1995. A preliminary report appeared in
Proc. 3rd LICS, pages 229-239,1988.
J.R.B. Cockett and D.A. Spooner. Categories for
synchrony and asynchrony. Electronic Notes in
Theoretical Computer Science, 1, 1995.
W. Fokkink. The tyft/tyxt format reduces to tree
rules. In M. Hagiya and J.C. Mitchell, editors,
Proc. TACSgd, number 789 in LNCS, pages 440-
453. Springer-Verlag, 1994.
W. Fokkink and R. van Glabbeek. Ntyftjntyxt
rules reduce to ntree rules. Information and Com-
putation, 126(1):1-107 1996.
J.A. Goguen, J.W. Thatcher, and E.G. Wagner.
An initial algebra approach to the specification,
correctness and implementation of abstract data
types. In R.T. Yeh, editor, Current Trends an Pro-
gramming Methodology, volume IV, pages 80-149.
Prentice Hall, 1978.
J.F. Groote and F. Vaandrager. fhuAUred OP-
erational semantics and bisimulation as a congru-
ence. Information and Computation, 100(2):202-
260, 1992.
M.C.B. Hennessy and G.D. Plotkin. Full abstrac-
tion for a simple parallel programming language.
In J. BeEvbf, editor, Broc. 8th MFCS, volume 74
of LNCS, pages 108-120. Springer-Verlag, 1979.
P.T. Johnstone. Adjoint lifting theorems for cat-
egories of algebras. Bull. London Math. Soc.,
7:294-297, 1975.
A. Joyal, M. Nielsen, and G. Winskel. Bisim-
ulation and open maps. In Proc. Eighth IEEE
Symp. on Logic In Computer Science, pages 418-
427, 1993.
R. Milner. A Calculus of Communicating Systems,
volume 92 of LNCS. Springer-Verlag, 1980.
E. Moggi. A category-theoretic account of pro-
gram modules. Mathematical Structures in Com-
puter Science, 1, 1991.
E. Moggi. Notions of computation and monads.
Information and Computation, 93:55-92, 1991.
29 1
Authorized licensed use limited to: Georgetown University. Downloaded on October 01,2024 at 19:49:54 UTC from IEEE Xplore. Restrictions apply.
[20] A. M. Pitts. Categorical logic. Technical Report
367, University of Cambridge Computer Laborat-
ory, May 1995.
[21] G.D. Plotkin. A structural approach to opera-
tional semantics. Technical Report DAIMI FN-
19, Computer Science Department, Aarhus Uni-
versity, 1981.
e221 J. Rutten. Processes as terms: non-well-founded
models for bisimulation. Mathematical Structures
in Computer Science, 2:257-275, 1992.
[23] J. Rutten and D. Turi. Initial algebra and final
coalgebra semantics for concurrency. In 9. de Bak-
ker et al., editors, Proc. of the REX workshop
A Decade of Concurrency - Reflections and Per-
spectives, volume 803 of LNCS, pages 530-582.
Springer-Verlag, 1994.
[24] D, Scott. Outline of a mathematical theory of
computation. In Proc. 4th Annual Princeton Con-
ference on Inf. Sciences and Systems, pages 169-
176, 1970.
1251 A.K. Simpson. Compositionality via cut-
elimination: Hennessy-Milner logic for an arbit-
rary GSOS. In Proc. Tenth IEEE Symp. on Logic
In Computer Science, 1995.
[26] C. Stone and R. Harper. A type-theoretic account
of Standard ML 1996. Technical Report CMU-CS-
96-136, Computer Science Department, Carnegie-
Mellon University, 1996.
[27] R. Street. The formal theory of monads. Journal
~fPure and Applied Algebra, 2:149-168, 1972.
[28] M.E. Sweedler. Hopf Algebras. W.A. Benjamin
Inc., New York, 1969.
[29] D. Turi. Functorial Operational Semantics and
its Denotational Dual. PhD thesis, Free Uni-
versity, Amsterdam, June 1996. Accessible from
<http://www.dcs.ed.ac.uk/home/dt/>.
1301 D. Turi. Categorical modelling of structural opera-
tional rules: case studies. Preprint, accessible from
< h t t p : //www. dcs. ed. ac .uk/home/dt/>, March
1997.
6311 G. Winskel and M. Nielsen. Models for concur-
rency. In S. Abramsky et al., editors, Handbook
of logic in computer science, volume 4. Clarendon
Press, Oxford, 1995.