Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

1 Introduction

Coalgebraic logic as introduced by D. Pattinson [6] and refined by L. Schröder [9], has been very successful in providing a common framework for quite a variety of modal logics, see for instance [2, 5], or [11]. In many cases, the type functor, used to model such coalgebras preserves weak pullbacks, so logical equivalence can be modeled by structural relations called bisimulations. Two states related by a bisimulation are equivalent. In a recent paper Gorín and Schröder have introduced a notion of \(\lambda \)-simulation, where \(\lambda \) is a (set of) predicate lifting(s). Their definition is set theoretical and their proofs are calculational. In all of their results they assumed that all predicate liftings are monotonic.

Here we offer a different notion of simulation, which we call strong simulation. The definition is amenable to diagrammatical reasoning, whose utility we show in a number of proofs. Moreover, we show that under the assumption of monotonicity our definition coincides with that of [3]. Since they used monotony as a general hypothesis in their work, their results could be proved as well with our definition. We relate our strong simulations to the notion of Aczel-Mendler bisimulation (called \(F\)-bisimulation) and to (generalized) congruences.

2 Basic Notions and Preparations

Given a binary relation \(R\subseteq A\times B\), let \(R^{-}\subseteq B\times A\) be the converse relation. If \(S\subseteq B\times C\) is another relation, then \(R\circ S:=\{(a,c)\mid \exists b\;{\in }\; B.aRb\wedge bSc\}\) is called the composition of \(R\) and \(S\). Obviously, \(\circ \) is associative and \((R\circ S)^{-}=S^{-}\circ R^{-}\).

For \(R\subseteq A\times A\), a relation on a set \(A,\) notice that \(R\) is transitive iff \(R\circ R\subseteq R\). Let \(R^{\star }\subseteq A\times A\) be the reflexive transitive closure of \(R\). The smallest equivalence relation containing \(R\) is \(R^{eq}:=(R\cup R^{-})^{\star }\). It is well known that kernels of maps are equivalence relations, where for a map \(f:A\rightarrow B\) the kernel is defined as

$$ ker\, f:=\{(a,a')\mid f(a)=f(a')\}, $$

and conversely, any equivalence relation \(E\subseteq A\times A\) is the kernel of the projection map \(\pi _{E}:A\rightarrow A/E\), sending each element \(a\;{\in }\; A\) to \(a/E\), its equivalence class under \(E\). With \(\varDelta _{A}\) we denote the identity relation on a set \(A\).

2.1 Difunctionality

Difunctional relations are generalizations of equivalence relations, for the case of relations \(R\subseteq A\times B\) between possibly different sets. Reflexivity, symmetry and transitivity make no sense for such relations, so a possible generalization is:

Definition 1

A relation \(R\subseteq A\times B\) is called difunctional, if it satisfies:

$$ (a_{1},b_{1}),(a_{2},b_{1}),(a_{2},b_{2})\;{\in }\; R\implies (a_{1},b_{2})\;{\in }\; R. $$

Immediately from the definition we see ([7]):

Lemma 1

\(R\) is difunctional \(\iff R\circ R^{-}\circ R\subseteq R \iff R^{-}\circ R\circ R^{-}\subseteq R^{-} \iff R^{-}\) is difunctional. The difunctional closure of a relation \(R\) is obtained as \(R^{d}:=R\circ (R^{-}\circ R)^{\star }=(R\circ R^{-})^{\star }\circ R\).

Each equivalence relation on \(A\) is obviously difunctional. More generally, let \(f:A\rightarrow C\) and \(g:B\rightarrow C\) be two maps then we define

$$ ker(f,g):=\{(a,b)\;{\in }\; A\times B\mid f(a)=g(b)\}. $$

It is easy to see that \(ker(f,g)\) is a difunctional relation, and, in perfect analogy to the situation with equivalence relations, every difunctional relation arises that way:

Lemma 2

A relation \(R\subseteq A\times B\) is difunctional, if and only if there are maps \(f:A\rightarrow C\), \(g:B\rightarrow C\) with \(R=ker(f,g)\).

Proof

Let \(R\subseteq A\times B\) be difunctional. Let \(e_{A}:A\rightarrow A+B\) and \(e_{B}:B\rightarrow A+B\) be the canonical inclusions of \(A\) and \(B\) into their sum. On \(A+B\) define

$$ \bar{R}:=\{(e_{A}(x),e_{B}(y))\mid (x,y)\;{\in }\; R\}. $$

Obviously, \(\bar{R}\) is difunctional, so

$$ \bar{R}\circ \bar{R}^{-}\circ \bar{R}\subseteq \bar{R}\;\text {and}\;\bar{R}^{-}\circ \bar{R}\circ \bar{R}^{-}\subseteq \bar{R}^{-}. $$

Moreover, \(\bar{R}\circ \bar{R}=\emptyset =\bar{R}^{-}\circ \bar{R}^{-}\) by construction. Therefore,

$$ E:=\varDelta _{A+B}\cup \bar{R}\cup \bar{R}^{-}\cup \bar{R}\circ \bar{R}^{-}\cup \bar{R}^{-}\circ \bar{R} $$

is an equivalence relation, since one easily calculates \(E\circ E\subseteq E\). Notice that

$$ (e_{A}[A]\times e_{B}[B])\cap E=\bar{R}. $$

With the projection \(\pi _{E}:A+B\rightarrow (A+B)/E\) it is now easy to calculate:

$$\begin{aligned} (x,y)\;{\in }\; ker(\pi _{E}\circ e_{A},\pi _{E}\circ e_{B})&\iff (e_{A}(x),e_{B}(y))\;{\in }\; E\\&\iff (e_{A}(x),e_{B}(y))\;{\in }\;\bar{R}\\&\iff (x,y)\;{\in }\; R. \end{aligned}$$

Thus, \(R=ker(f,g)\) where \(f\) and \(g\) are constructed as the pushout of the projections \(\pi _{A}^{R}:R\rightarrow A\) and \(\pi _{B}^{R}:R\rightarrow B\).

More generally, if \(f:A\rightarrow C\) and \(g:B\rightarrow D\), then any difunctional relation \(R\subseteq C\times D\) gives rise to a difunctional relation \(ker(f,g)_{R}:=\{(a,b)\mid f(a)\, R\, g(b)\}\subseteq A\times B\}\).

2.2 Directed Diagrams

Each map \(\theta :A\rightarrow 2\), where \(2=\{0,1\}\) is understood as an ordered set, is called a predicate. The carrier of predicate \(\theta :A\rightarrow 2\) is the subset

$$ [\![\theta ]\!]:=\{a\;{\in }\; A\,\mid \theta (a)=1\} $$

and conversely, every subset \(U\subseteq A\) arises as \(U=[\![\chi _{U}]\!]\) from its characteristic function \(\chi _{U}\). We shall often use the same symbol for a predicate and its carrier, such as in \(\square :F(2)\rightarrow 2\) and \(\square \subseteq F(2)\).

It is sometimes convenient to write \(a\;{\models }\;\theta \) rather than \(\theta (a)=1\) or \(a\;{\in }\;\theta \). Similarly, \(A\;{\models }\;\theta \) means that \(a\;{\models }\;\theta \) for each \(a\;{\in }\; A.\)

We say \(\theta \implies \psi \) provided \([\![\theta ]\!]\subseteq [\![\psi ]\!]\). It will be convenient to encode this diagrammatically, where the inclusion is indicated by an upwards arrow, as in

Establishing such a diagram amounts to showing that for any \(a\;{\in }\; A\), taking the lower path in the diagram yields a result which is smaller than or equal to the result obtained by the upper path, i.e. \(\theta (a)\le \psi (a)\) for all \(a\;{\in }\; A.\) We generalize this notation in the following way:

Definition 2

Given a relation \(S\) between sets \(A\) and \(B\) and predicates \(\theta :A\rightarrow 2\) and \(\psi :B\rightarrow 2\), we introduce

$$\begin{aligned} \theta \mathop {\Longrightarrow }\limits ^{S}\psi \,\,\,\,:\iff \,\,\,\,\forall (x,y)\;{\in }\; S.\,(\, x\;{\models }\;\theta \implies y\;{\models }\;\psi \,) \end{aligned}$$
(2.1)

which may be spelled as “\(\theta \) implies \(\psi \) modulo \(S\)”. With our above notation, we can visualize \(\theta \mathop {\Longrightarrow }\limits ^{S}\psi \) by the following “upwards-commuting” diagram

Notice that with \(A=B\) and \(S=\varDelta _{A}\), we have \(\theta \implies \psi \) being the same as \(\theta \mathop {\implies }\limits ^{\varDelta _{A}}\psi \).

Interpreting a relation \(S\subseteq A\times B\) as a map between the powersets \(S:\mathbb {P}(A)\rightarrow \mathbb {P}(B)\), via \(S(U):=\{b\;{\in }\; B\mid \exists a\;{\in }\; U.(a,b)\;{\in }\; S\}\), we could equivalently write:

$$ \theta \mathop {\Longrightarrow }\limits ^{S}\psi \iff S([\![\theta ]\!])\subseteq [\![\psi ]\!]. $$

This shows that this notation is closely related to the notation of Hoare triples, where the relation \(S\) would be given as the semantics of an imperative program. We can immediately gather a number of simple properties inspired by this association. These correspond to the rules of precondition strengthening/postcondition weakening and sequencing:

Lemma 3

 

  1. 1.

    \(\theta '\subseteq \theta \mathop {\Longrightarrow }\limits ^{S}\psi \) implies \(\theta '\mathop {\Longrightarrow }\limits ^{S}\psi \)

  2. 2.

    \(\theta \mathop {\Longrightarrow }\limits ^{S}\psi \subseteq \psi '\) implies \(\theta \mathop {\Longrightarrow }\limits ^{S}\psi '\)

  3. 3.

    \(\theta \mathop {\implies }\limits ^{R}\varphi \) and \(\varphi \mathop {\implies }\limits ^{S}\psi \) implies \(\theta \mathop {\implies }\limits ^{R\circ S}\psi \)

Proof

The first two claims can be readily obtained by gluing diagrams where we use the obvious naming conventions for the projections of a relation to its components:

For the third claim, we note that if \(R\bowtie S\) is the pullback of \(\pi _{B}^{R}\) with \(\pi _{B}^{S}\), then \(R\circ S\) is the image obtained by factoring the span \((R\bowtie S,\pi _{C}^{R\bowtie S},\pi _{C}^{R\bowtie S})\) into an epi followed by a mono source:

Explicitly, an upwards diagram chase, for instance in the right diagram, would be:

$$\begin{aligned} \theta \circ \pi _{A}^{R\circ S}\circ p&= \theta \circ \pi _{A}^{R}\circ \pi _{R}^{R\bowtie S}\\&\le \varphi \circ \pi _{B}^{R}\circ \pi _{R}^{R\bowtie S}\\&= \varphi \circ \pi _{B}^{S}\circ \pi _{S}^{R\bowtie S}\\&\le \psi \circ \pi _{C}^{S}\circ \pi _{S}^{R\bowtie S}\\&= \psi \circ \pi _{C}^{R\circ S}\circ p. \end{aligned}$$

Cancelling the epi \(p\) results in \(\theta \circ \pi _{A}^{R\circ S}\le \psi \circ \pi _{C}^{R\circ S}\).

3 Functors, Coalgebras and Bisimulations

Let \(F:Set\rightarrow Set\) be an endofunctor on the category of sets. We shall write \(F(X)\) for the action of \(F\) on an object \(X\) and \(Ff\) for the action of \(F\) on a map \(f\).

Typical endofunctors describe set-theoretical constructions, such as sets, lists, tuples, bags, etc. In programming they include all generic collection classes such as \(\mathtt{List{<}X{>} }, \mathtt{Set{<}X{>} }, \mathtt{Bag{<}X{>} }\) etc. The action of \(F\) on a map \(f:X\rightarrow Y\) is generically called : map f. It will be useful to keep the following visualization in mind:

  • \(F\) defines a type of “constructions”.

  • Elements of \(F(X)\) are those “constructions” whose elements are drawn from a set \(X\); we will call them \(X-patterns\).

  • Given a map \(f:X\rightarrow Y,\) the map \(Ff:F(X)\rightarrow F(Y)\) acts on an \(X\)-pattern \(p\;{\in }\; F(X)\) by replacing in \(p\) each \(x\) by \(f(x)\).

  • A pattern \(p\;{\in }\; F(X)\) is finite, if there is a subset \(\{x_{1},\ldots ,x_{n}\}\subseteq X\) such that \(p\;{\in }\; F(\{x_{1},\ldots ,x_{n}\})\). In this case, we write \(p=p(x_{1},\ldots ,x_{n})\) and we let \(p(f(x_{1}),\ldots ,f(x_{n}))\) denote \((Ff)p(x_{1},\ldots ,x_{n})\).

  • In particular, if \(\theta :X\rightarrow 2\) is a predicate, then \(F\theta \) acts on an element \(p\;{\in }\; F(X)\) by replacing in \(p\) each \(x\) by \(1\) if \(x\;{\models }\;\theta \) and by \(0\) otherwise.

  • If \(p=p(x_{1},\ldots ,x_{n})\), then \((F\theta )p(x_{1},\ldots ,x_{n})=p(\theta (x_{1}),\ldots ,\theta (x_{n}))\) is called a \(0-1-pattern\).

If \(f:X\rightarrow Y\) is injective and \(X\ne \emptyset \), then \(f\) is left-invertible, hence \(Ff\) is injective, too. \(F\) can always be modified just on the empty set and on empty mappings, so that it preserves injectivity for all mappings, including the empty one, see [13]. We therefore assume for the rest of this article, that \(F\) preserves all monos.

3.1 Coalgebras

Definition 3

An \(F\)-coalgebra \(\mathcal {A}=(A,\alpha )\) consists of a set \(A\) and a map \(\alpha :A\rightarrow F(A)\). \(A\) is called the base set and \(\alpha \) the structure map. The functor \(F\) is called the type of coalgebra \(\mathcal {A}\).

We shall keep \(F\) fixed and consider only coalgebras of that given type \(F\).

Definition 4

A map \(\varphi :A\rightarrow B\) between two coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\) is called a homomorphism, if \(\beta \circ \varphi =F\varphi \circ \alpha \).

The functor properties immediately guarantee that the class of all \(F\)-coalgebras with homomorphisms as morphisms forms a category \(Set_{F}\). The forgetful functor \(U:Set_{F}\rightarrow Set\) which associates with every coalgebra \(\mathcal {A}\) its underlying set \(A\) and with every homomorphism its underlying map is known to create and preserve colimits [8], so in particular the category \(Set_{F}\) is cocomplete and colimits have the same underlying set and mappings as the corresponding colimits in \(Set.\)

Example 1

Kripke frames are coalgebras of type \(\mathbb {P}\) where \(\mathbb {P}\) is the covariant powerset functor, acting on a map \(f:X\rightarrow Y\) as \(\mathbb {P}f:\mathbb {P}(X)\rightarrow \mathbb {P}(Y)\) where \((\mathbb {P}f)(U):=f[U]:=\{f(u)\mid u\;{\in }\; U\}\) for any \(U\;{\in }\;\mathbb {P}(X)\).

Kripke structures come with a fixed set \(V\) of atomic properties, so they are modeled as coalgebras of type \(\mathbb {P}(-)\times \mathbb {P}(V)\), where the second component is simply a constant. A coalgebra of type \(\mathbb {P}(-)\times \mathbb {P}(V)\) is therefore a base set \(A\) with a structure map \(\alpha :A\rightarrow \mathbb {P}(A)\times \mathbb {P}(V)\). Its first component associates to a state \(a\;{\in }\; A\) the set of its successors \(succ_{A}(a):=(\pi _{1}\circ \alpha )(a)\) and its second component yields the set of all atomic values \(val_{A}(a):=(\pi _{2}\circ \alpha )(a)\) which are true for \(a\).

Homomorphisms \(\varphi :A\rightarrow B\) between Kripke frames, resp. Kripke structures are also known as bounded morphisms. They are maps preserving and reflecting successors and atomic values in the following sense: \(\varphi [succ_{A}(a)]=succ_{B}(\varphi (a))\) and \(val_{A}(a)=val_{B}(\varphi (a))\).

3.2 Bisimulations

In the structure theory of coalgebras, bisimulations play the role of compatible relations.

Definition 5

([1]) A bisimulation between coalgebras \(\mathcal {A}\) and \(\mathcal {B}\) is a relation \(R\subseteq A\times B\) for which there exists a coalgebra structure \(\rho :R\rightarrow F(R)\) such that the projections \(\pi _{A}^{R}:R\rightarrow A\) and \(\pi _{B}^{R}:R\rightarrow B\) are homomorphisms.

Typical bisimulations are graphs of homomorphisms \(G(\varphi ):=\{(a,\varphi (a))\mid a\;{\in }\; A\}\). In fact, a map \(f:A\rightarrow B\) is a homomorphism iff its graph is a bisimulation ([8]). If \(R\subseteq A\times B\) is a bisimulation between coalgebras \(\mathcal {A}\) and \(\mathcal {B}\), then there could be several possible structure maps \(\rho :R\rightarrow F(R)\) establishing that \(R\) is a bisimulation.

The empty relation \(\emptyset \subseteq A\times B\) is always a bisimulation and (more generally) the union of bisimulations is a bisimulation, so that bisimulations between \(\mathcal {A}\) and \(\mathcal {B}\) form a complete lattice with largest element called \(\sim _{\mathcal {A},\mathcal {B}}.\)

The following proposition will be needed later in the proof of Theorem 3. It shows that bisimulations can be enlarged as long as the structure maps are not affected in the following sense:

Proposition 1

Let \(\mathcal {A}_{1}\) and \(\mathcal {A}_{2}\) be coalgebras with corresponding structure maps \(\alpha _{1}\) and \(\alpha _{2}\). Let \(R\subseteq \mathcal {A}_{1}\times \mathcal {A}_{2}\) be a bisimulation and \(R'\) an enlargement i.e. \(R\subseteq R'\subseteq ker\,\alpha _{1}\circ R\circ ker\,\alpha _{2}\). Then \(R'\) is also a bisimulation.

Proof

\(R\) is a bisimulation, so there exists a structure map \(\rho :R\rightarrow F(R)\) with \(\alpha _{i}\circ \pi _{i}^{R}=F\pi _{i}^{R}\circ \rho \). Let \(\iota :R\rightarrow R'\) be the inclusion map, then clearly \(\pi _{i}^{R}=\pi _{i}^{R'}\circ \iota \). By assumption, we find for every \((x',y')\;{\in }\; R'\) a pair \((x,y)\;{\in }\; R\) such that \(\alpha _{1}(x)=\alpha _{1}(x')\) and \(\alpha _{2}(y)=\alpha _{2}(y').\) The axiom of choice provides for a map \(\mu :R'\rightarrow R\) satisfying

$$ \alpha _{i}\circ \pi _{i}^{R'}\circ \iota \circ \mu =\alpha _{i}\circ \pi _{i}^{R'}. $$

We now define \(\rho ':R'\rightarrow F(R')\) by \(\rho ':=F\iota \circ \rho \circ \mu \).

The rest is a simple calculation.

Corollary 1

Let \(\mathcal {A}=(A,\alpha )\) be a coalgebra, then every reflexive relation \(R\subseteq ker\,\alpha \) is a bisimulation.

Proof

Since \(\varDelta \subseteq A\) is always a bisimulation, we have \(\varDelta \subseteq R\subseteq ker\,\alpha =ker\,\alpha \circ ker\,\alpha =ker\,\alpha \circ \varDelta \circ ker\,\alpha \), because \(ker\,\alpha \) is transitive.

3.3 Predicate Liftings and Boxes

We denote the contravariant powerset functor by \(2^{-}.\) Thus \(2^{X}\) is the set of all subsets of \(X\) and a map \(f:X\rightarrow Y\) induces a map \(2^{f}:2^{Y}\rightarrow 2^{X}\) via \(2^{f}(V):=f^{-1}[V]\). If we consider the elements of \(2^{Y}\) as predicates \(\tau :Y\rightarrow 2\), we can write \(2^{f}(\tau )=\tau \circ f\), or \(2^{f}=(-)\circ f\).

The classical Kripke style modal logic introduces formulae expressing properties holding for all successors of a point \(x\). If \(\varphi \) is a state formula then \(\square \varphi \) holds at \(x\) if \(\varphi \) holds for each successor \(x'\) of \(x.\) The set of all successors of a point \(x\) is \(\alpha (x)\;{\in }\;\mathbb {P}(X)\), in the case of Kripke frames. Thus \(\square \) can be understood as lifting a property \(\varphi \) from the base set \(A\) to a property \(\lambda _{A}(\varphi )\subseteq \mathbb {P}(A)\), so \(x\;{\models }\;\square \varphi \) iff \(\alpha (a)\) satisfies the lifted property \(\lambda _{A}(\varphi )\). Generalizing this observation, Pattinson [6] introduced predicate liftings \(\lambda _{A}:2^{A}\rightarrow 2^{F(A)}\) as natural transformations between the contravariant powerset functors \(2^{(-)}\) and \(2^{F(-)}.\)

Definition 6

A predicate lifting \(\lambda \) for \(F\) is a natural transformation \(\lambda :2^{-}\rightarrow 2^{F(-)}\) where the latter is the composition of the functor \(F\) with \(2^{-}\). For each \(X\) denote by \(\lambda _{X}\) its \(X\)-component \(\lambda _{X}:2^{X}\rightarrow 2^{F(X)}\).

The idea is that every property for elements of a set \(X\) is transformed to a property for elements of \(F(X)\).

By the Yoneda lemma, such a natural transformation \(\lambda \) is uniquely determined by the action of \(\lambda _{2}\) on the input \(id_{2}\) where \([\![id_{2}]\!]=\{1\}\subseteq 2\), i.e. by \(\lambda _{2}(id_{2}):F(2)\rightarrow 2,\) which is a predicate on \(F(2)\). This was observed in [9]. We shall from now on write \([\lambda ]\) or simply \(\square \), if \(\lambda \) is understood, for this predicate.

Conversely, given a predicate \(\square :F(2)\rightarrow 2\) on \(F(2)\), then \(\theta \mapsto \square \circ F\theta \) defines a predicate transformer, and it is easy to see that \(id_{2}\) is sent to \(\square \) again.

Intuitively, we think of \(\square \subseteq F(2)\) as a selection of \(0-1-patterns.\) The map \(\lambda _{A}\) of the corresponding predicate transformer \(\lambda \), when applied to \(\theta \;{\in }\;2^{A}\) takes an \(A\)-pattern \(p(a_{1},\ldots ,a_{n})\;{\in }\; F(A)\) to \(1\) if \(p(\theta (a_{1}),\ldots ,\theta (a_{n}))\;{\in }\;\square \), and to \(0\) otherwise.

In this paper we prefer to deal with predicates \(\square :F(2)\rightarrow 2\) rather than with predicate transformers \(\lambda :2^{(-)}\rightarrow 2^{F(-)}\). Ignoring for a moment the map \(\alpha \), the following figure visualizes the translation between these two views.

Let us now consider \(F\)-coalgebras \(\mathcal {A}=(A,\alpha )\), where \(\alpha :A\rightarrow F(A)\) is the structure map. Every predicate transformer, i.e. every predicate \(\square \) on \(F(2)\) defines a modality.

Definition 7

Given a predicate \(\theta \) on \(\mathcal {A}=(A,\alpha )\), denote by \(\square \theta \) the predicate \(\square \circ F\theta \circ \alpha \), that is for any \(a\;{\in }\; A\) we define

$$ a\;{\models }\;\square \theta :\iff (\square \circ F\theta \circ \alpha )(a)=1. $$

3.4 Coalgebraic Modal Logic

Given any choice of predicate liftings, equivalently, any choice of boxes \(\square _{i}:F(2)\rightarrow 2\), \(i\;{\in }\; I\), we obtain a logic \(\mathcal {L}\) (see [6]) whose formulae are defined inductively by

$$ \varphi \;{::=}\; \top \,|\,\varphi _{1}\vee \varphi _{2}\,\mid \,\varphi _{1}\wedge \varphi _{2}\,\mid \lnot \varphi \,\mid \,\square _{i}\varphi \text { for each }i\;{\in }\; I $$

A formula is called positive, if it has no occurrence of \(\lnot .\)

Given a coalgebra \(\mathcal {A}=(A,\alpha )\) each formula defines a predicate \(\varphi _{\mathcal {A}}:A\rightarrow 2\), where the propositional connectors have their obvious interpretation and \((\square _{i}\varphi )_{\mathcal {A}}:=\square _{i}\circ (F\varphi _{\mathcal {A}})\circ \alpha \), which is short for saying

$$ a\;{\models }\;\square _{i}\varphi :\iff (F\varphi _{\mathcal {A}}\circ \alpha )(a)\;{\in }\;\square _{i}. $$

4 Simulations

Given a predicate lifting \(\lambda \), a \(\lambda \)-simulation \(S\) between coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\) was defined in [3] as a relation \(S\subseteq A\times B\) such that for any \((x,y)\;{\in }\; S\) and any predicate \(\theta :A\rightarrow 2\) one has \(\alpha (x)\;{\models }\;\lambda _{A}(\theta )\implies \beta (y)\;{\models }\;\lambda _{B}(S[\theta ])\), where \(S[\theta ]\) is defined as \(b\;{\models }\; S[\theta ]:\iff \exists a\;{\in }\; A.(aSb\wedge a\;{\models }\;\theta ).\) Most of the results in [3] assume that \(\lambda \) is monotonic, a notion to be discussed in Sect. 4.2. Amongst other things, for instance they prove:

  • if \(\lambda \) is monotonic then bisimulations are \(\lambda \)-simulations

  • if \(\lambda \) is monotonic, then each \(\lambda \)-simulation preserves positive formulae.

The proofs, in each case, are set theoretical, so it is difficult to see how the notions and results could possibly be lifted to situations beyond set-theoretical categories. Therefore, we introduce a new definition of “strong” simulation which has the advantage that

  • proofs are diagrammatical

  • monotonicity need not be assumed.

For notational reasons, we shall from now on fix a certain \(\square \) and define simulations relative to that \(\square \). Thus a “simulation” is the same as a \(\lambda \)-simulation from [3] with \(\lambda \) the predicate lifting defined by \(\square \). Next we shall define our new notion of “strong simulation”. It will turn out that monotonicity is the property relating simulations with strong simulations, see Theorem 2 below.

4.1 Strong Simulations

A strong simulation between coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\) is a relation \(S\subseteq A\times B\) such that for any predicates \(\theta :A\rightarrow 2\) and \(\psi :B\rightarrow 2\) we have

$$ \theta \mathop {\implies }\limits ^{S}\psi \text { implies }\square \theta \mathop {\implies }\limits ^{S}\square \psi . $$

Diagrammatically:

Clearly, every strong simulation is a simulation. This is because the diagram in the premise, above, is trivially satisfied with \(\psi =S[\theta ]\).

Lemma 4

Strong simulations are closed under unions and relational composition, i.e. if \(R\subseteq A\times B\) and \(S\subseteq B\times C\) are strong simulations, then so is \(R\circ S\subseteq A\times C\).

Proof

Closure under unions is easily checked. For closure under relational composition, let \(\theta \mathop {\Longrightarrow }\limits ^{R\circ S}\psi \) be given. Obviously, then \(\theta \mathop {\Longrightarrow }\limits ^{R}R[\theta ]\) and \(R[\theta ]\mathop {\Longrightarrow }\limits ^{S}\psi \). Assuming that \(R\) and \(S\) are simulations, we obtain \(\square \theta \mathop {\Longrightarrow }\limits ^{R}\square R[\theta ]\) as well as \(\square R[\theta ]\mathop {\Longrightarrow }\limits ^{S}\square \psi \), so Lemma 3 yields \(\square \theta \mathop {\Longrightarrow }\limits ^{R\circ S}\square \psi \).

Simulations have a preferred direction. This is emphasized by the following logical fact:

Theorem 1

Strong simulations preserve positive formulae.

Proof

Let \(S\) be a strong simulation between coalgebras \(\mathcal {A}\) and \(\mathcal {B}\), and \((x,y)\;{\in }\; S\). By structural induction, we show that for any positive formula \(\phi \) we have: \(x\;{\models }\;\phi \implies y\;{\models }\;\phi ,\) that is we need to show \(\phi _{\mathcal {A}}\mathop {\implies }\limits ^{S}\phi _{\mathcal {B}}\). The only interesting case is when \(\phi =\square \psi \) with \(\psi \) another positive formula. Let \(\psi _{\mathcal {A}}\), resp \(\psi _{\mathcal {B}}\) be the predicates defined by \(\psi \) in \(\mathcal {A}\), resp \(\mathcal {B}\). By assumption then, \(\psi _{A}\mathop {\implies }\limits ^{S}\psi _{B}\), whence the definition of simulation yields \(\square \psi _{A}\mathop {\implies }\limits ^{S}\square \psi _{B}\), hence (\(\square \psi )_{A}\mathop {\implies }\limits ^{S}(\square \psi )_{B}\).

By a (strong) bidirectional simulation we understand a (strong) simulation \(S\) for which \(S^{-}\) is also a simulation. We must be careful not to confuse this with the notion of bisimulation.

From Lemmas 1 and 4 we obtain:

Lemma 5

Let \((S_{i})_{i\;{\in }\; I}\) be a family of bidirectional simulations, then their difunctional closure is again a bidirectional simulation.

4.2 Monotonicity

Definition 8

A predicate lifting \(\lambda \) is called monotonic, if for all sets \(U,V,A\) with \(U\subseteq V\subseteq A\) one has \(\lambda _{A}(U)\subseteq \lambda _{A}(V)\). We say that \(\square :F(2)\rightarrow 2\) is monotonic, if the predicate lifting given by \(\square \) is monotonic.

We get the following characterization:

Lemma 6

\(\square :F(2)\rightarrow 2\) is monotonic, iff for any \(A\) and any predicates \(\theta ,\psi \) on \(A\) with \(\theta \implies \psi \), we obtain \(\square \circ F\theta \implies \square \circ F\psi \).

Proof

Suppose \(\lambda _{A}=\square \circ F(-)\) is monotonic, \(\theta \implies \psi \) and \(\square \circ F\theta =1\), that is \(\lambda _{A}(\theta )=1\). By monotonicity, \(\lambda _{A}(\psi )=1\), i.e. \(\square \circ F\psi =1.\) Conversely, assume \(U\subseteq V\subseteq A\) and \(u\;{\in }\;\lambda _{A}(U)\), where \(\lambda _{A}(U)=[\![\square \circ F\chi _{U}]\!]\). Then \(\chi _{U}\implies \chi _{V}\) and \((\square \circ F\chi _{U})(u)=1\) whence by assumption \((\square \circ F\chi _{V})(u)=1\), meaning \(u\;{\in }\;\lambda _{A}(V).\) Thus \(\lambda _{A}\) is monotonic.

Graphically, monotonicity can be represented as

The following observation was independently found by L. Schröder and appears in the journal version [10] of [9]. With our diagrammatic notation its proof becomes almost trivial:

Lemma 7

\(\square \) is monotonic if and only if for every ternary pattern \(p(x,y,z)\) we have that

$$ p(1,0,0)\;{\in }\;\square \implies p(1,1,0)\;{\in }\;\square . $$

Proof

When \(\theta \implies \psi ,\) we can obtain a joint factorization as \(\theta =\chi _{\{x\}}\circ f\) and \(\psi =\chi _{\{x,y\}}\circ f\). Thus the above definition of monotonicity reduces to the following implication:

The outer diagrams are upward commutative iff the inner ones are. The one in the premise is automatically upward commutative. Therefore, \(\square \) is monotonic, if and only if the inner diagram on the right is upwards commutative.

This means that monotonicity needs only be checked for \(\theta =\chi _{\{x\}}\) and \(\psi =\chi _{\{x,y\}}\), which translates immediately into the statement \(p(1,0,0)\;{\in }\;\square \implies p(1,1,0)\;{\in }\;\square \) for each \(p\;{\in }\; F(\{x,y,z\})\).

Theorem 2

\(\square \) is monotonic iff each simulation is strong.

Proof

Suppose that \(\square \) is monotonic and let \(S\) be a simulation between coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\). Suppose \(\theta \mathop {\implies }\limits ^{S}\psi \), then \(S[\theta ]\le \psi \) as shown in the left part of the following figure, where the left inner square trivially commutes. Since \(S\) is a simulation we get upwards commutativity of the outer figure with \(FS[\theta ]\) instead of \(F\psi .\) Using monotonicity, we get upwards commutativity of the right upper figure and therefore of the whole diagram:

For the converse, consider the identity relation \(\varDelta _{A}\) on \(A\), which is obviously a simulation, hence it is a strong simulation by assumption. Given any \(p\;{\in }\; F(A)\) and \(\theta \le \psi :A\rightarrow 2\) we choose the constant coalgebra structure \(c_{p}:A\rightarrow F(A)\). Since the left square is upwards commuting, so must be the outer figure. This readily translates into \(\square \) being monotonic.

Theorem 3

The following are equivalent:

  1. 1.

    \(\square \) is monotonic

  2. 2.

    each bisimulation is a simulation

  3. 3.

    each bisimulation is a strong simulation

Proof

(1.\(\rightarrow 3.)\) Suppose \(\square \) is monotonic and \(S\subseteq A\times B\) is a bisimulation between coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\). Given \(\theta \mathop {\implies }\limits ^{S}\psi \), the left square is upward commuting. Since \(\square \) is monotonic, applying \(F\) makes the right hand square (followed by \(\square )\) upward commuting, too.

Inserting the bisimulation structure \(\rho \) into the picture, an upward diagram chase yields that the outer diagram is upward commuting, too:

$$\begin{aligned} \square \circ F\theta \circ \alpha \circ \pi _{A}^{S}&= \square \circ F\theta \circ F\pi _{A}^{S}\circ \rho \\&\le \square \circ F\psi \circ F\pi _{B}^{S}\circ \rho \\&= \square \circ F\psi \circ \beta \circ \pi _{B}^{S} \end{aligned}$$

which means that \(S\) is a strong simulation.

\((3\rightarrow 2)\) being trivial, we prove (2\(\rightarrow \)1): By Lemma 7, we need to check monotonicity only for \(A=\{x,y,z\}\), \(\theta =\chi _{\{x\}}\) and \(\psi =\chi _{\{x,y\}}\). Given \(p\;{\in }\; F(A)\) with \(p(1,0,0)\;{\in }\;\square ,\) i.e. \((\square \circ F\theta )(p)=1\), define a coalgebra \(\mathcal {A}_{p}\) on \(A\) with constant structure map \(c_{p}.\) By Proposition 1, \(R:=\varDelta _{A}\cup {\{(x,y),(y,x)\}}\) is a bisimulation on \(\mathcal {A}_{p}\), and \(\psi =R[\theta ]\). By hypothesis, \(R\) is a simulation, so \(\square \circ F\theta \circ c_{p}\mathop {\implies }\limits ^{B}\square \circ F\psi \circ c_{p}\), in particular,

$$\begin{aligned} (\square \circ F\psi )(p)&= (\square \circ F\psi \circ c_{p}\circ \pi _{2})(x,x)\\&\ge (\square \circ F\theta \circ c_{p}\circ \pi _{1})(x,x)\\&= (\square \circ F\theta )(p)\\&= 1 \end{aligned}$$

i.e. \(p(1,1,0)\;{\in }\;\square ,\) as can be read from the following diagram:

5 Congruences and Separability

5.1 Congruences

In classical examples of coalgebras, such as Kripke structures, deterministic and nondeterministic automata, etc., observational equivalence is definable via bisimulations. The reason is that the corresponding type functors preserve weak pullbacks (see [4]). This in turn has many structural consequences. In particular the largest bisimulation is always the same as the largest congruence relation, where a congruence is defined as the kernel of a homomorphism. Thus a congruence is a relation on a single coalgebra. Since we want to study relations between different coalgebras, we have to widen the notion of congruence and therefore introduce the notion of \(F\)-congruence. This notion has been studied by Sam Staton under the name kernel bisimulation [12]:

Definition 9

An \(F\)-congruence \(\theta \) between coalgebras \(\mathcal {A}\) and \(\mathcal {B}\) is the pullback of two homomorphisms \(\varphi :\mathcal {A}\rightarrow \mathcal {C}\) and \(\psi :\mathcal {B}\rightarrow \mathcal {C}\):

$$ \theta =ker(\varphi ,\psi ). $$

Theorem 4

The following are equivalent:

 

  1. 1.

    \(\square \) is monotonic

  2. 2.

    each congruence is a simulation

  3. 3.

    each \(F\)-congruence is a strong simulation.

Proof

(1.\(\rightarrow \)3.): An \(F\)-congruence \(\theta =ker(\varphi ,\psi )\) can be obtained as a composition of relations: \(\theta =G(\varphi )\circ G(\psi )^{-}\) where \(G(\varphi )\) and \(G(\psi )\) are the graphs of \(\varphi \) and \(\psi .\) The graphs of homomorphisms are bisimulations ([8]) and the converse of a bisimulation is a bisimulation. Assuming monotonicity of \(\square \), Theorem 3 tells us that they are strong simulations. By Lemma 4, their composition is a strong simulation. In particular, each congruence is a simulation, too. (3.\(\rightarrow \)2) is of course trivial, since each congruence is an \(F\)-congruence and each strong simulation is a simulation.

For (2.\(\rightarrow \)1.), assuming that each congruence is a simulation, we can reuse the proof of (3\(\rightarrow \)2) in Theorem 3. This time, we only need to observe that \(R\) happens to be a congruence relation, since it is the kernel of the obvious homomorphism from \(\mathcal {A}_{p}=\mathcal {A}_{p(x,y,z)}\) to the constant coalgebra \(\mathcal {A}_{p(x,x,z)}\) on \(\{x,z\}\).

5.2 Separability

In this section we need to work with a family of boxes \((\square _{i})_{i\;{\in }\; I}\). Such is usually required in order to render coalgebraic modal logic expressive. Separability is usually expressed for the functor and for the boxes separately. A functor is called \(2\)-separable, if for any \(X\) and any \(p,q\;{\in }\; F(X)\) with \(p\ne q\) there is a predicate \(\phi :X\rightarrow 2\) such \((F\phi )(p)\ne (F\phi )(q)\). Next, we call a family \((\square _{i})_{i\;{\in }\; I}\) of predicate liftings separating, if the functor \(F\) is 2-separating and the predicates \(\square _{i}:F(2)\rightarrow 2\) combined with the unary boolean operations \(\theta :2\rightarrow 2\) form a mono-source. We can equivalently define this as follows:

Definition 10

\((\square _{i})_{i\;{\in }\; I}\) is separating if

$$\forall p\ne q\;{\in }\; F(X).\exists \phi :X\rightarrow 2.\exists i\;{\in }\; I.(\square _{i}\circ F\phi (p)\ne \square _{i}\circ F\phi (q))$$

.

Theorem 5

If \((\square _{i})_{i\;{\in }\; I}\) is separating then every difunctional bidirectional strong simulation is an \(F\)-congruence.

Proof

Let \(S\) be a difunctional strong simulation between coalgebras \(\mathcal {A}=(A,\alpha )\) and \(\mathcal {B}=(B,\beta )\) and \(\pi _{1},\pi _{2}\) the projections of \(S\). Form the pushout \((P,f:A\rightarrow P,g:B\rightarrow P)\) of \((S,\pi _{1},\pi _{2})\) in \(Set.\) Since \(S\) is difunctional, \((S,\pi _{1},\pi _{2})\) is a pullback of \(f\) and \(g\) in \(Set\). It suffices to show that there exists a coalgebra structure on \(P\) so that \(f\) and \(g\) are homomorphisms. We obtain such a coalgebra structure if we can show that \((FP,Ff\circ \alpha ,Fg\circ \beta )\) is a competitor of the pushout \((P,f,g)\) in \(Set\). For this it remains to show : \(Ff\,\circ \,\alpha \,\circ \pi _{1}=Fg\,\circ \,\beta \,\circ \,\pi _{2}.\)

Let \((x,y)\;{\in }\; S\). As \((\square _{i})_{i\;{\in }\; I}\) is separating, it is enough to show that for each \(i\;{\in }\; I\) and each \(\phi :P\rightarrow 2\) we have \(Ff\,\circ \,\alpha (x)\;{\models }\;\square _{i}\theta \ \Longleftrightarrow \ Fg\,\circ \,\beta (y)\;{\models }\;\square _{i}\theta .\) This we can read from the following diagram:

The left square in the diagram commutes, since \((P,f,g)\) is a pushout, in particular it is upward commuting. \(S\) being a strong simulation, we obtain \(Ff\,\circ \,\alpha (x)\;{\models }\;\square \theta \ \Longrightarrow \ Fg\,\circ \,\beta (y)\;{\models }\;\square \theta .\) Since \(S^{-}\) is a strong simulation, too, we similarly have \(Fg\,\circ \,\beta (y)\;{\models }\;\square \theta \ \Longrightarrow \ Ff\,\circ \,\alpha (x)\;{\models }\;\square \theta \).

Theorem 6

If each difunctional simulation is an \(F\)-congruence, then \((\square _{i})_{i\;{\in }\; I}\) is separating.

Proof

Assume \(p,q\;{\in }\; FX\) such that \(p\;{\models }\;\square _{i}\theta \ \Longleftrightarrow \ q\;{\models }\;\square _{i}\theta \) for each \(i\;{\in }\; I\) and each \(\theta :X\rightarrow 2\). We must show \(p=q\).

Case 1

\(X\ne \emptyset \): On the set \(X\) define \(F\)-coalgebras \(\mathcal {X}_{p}=(X,c_{p})\) and \(\mathcal {X}_{q}=(X,c_{q})\), where \(c_{p}\), resp. \(c_{q}\), are constant maps with value \(p\), resp. \(q\). Notice that the assumption is then equivalent to saying that \(\varDelta _{X}\) is a (difunctional) simulation (with respect to each \(\square _{i}\)) between \(\mathcal {X}_{p}\) and \(\mathcal {X}_{q}\). Therefore, by the theorem’s premise, \(\varDelta _{X}\) is an \(F\)-congruence. Consequently, there must be homomorphisms \(\varphi :\mathcal {X}_{p}\longrightarrow \mathcal {Z}=(Z,\gamma )\) and \(\psi :\mathcal {X}_{q}\longrightarrow \mathcal {Z}\) with \(\varDelta _{X}=Pb(\varphi ,\psi )\). This immediately yields \(\varphi =\psi \) and \(\varphi \) injective.

The above diagram commutes, since \(\varphi \) is a homomorphism, so \((F\varphi )(p)=(F\varphi \circ c_{p}\circ \pi _{2})(x)=(F\varphi \circ c_{q}\circ \pi _{2})(x)=(F\varphi )(q)\). Therefore \(p=q\) as required. 

Case 2

\(X=\emptyset \): According to our general assumption, \(F\iota :F\emptyset \rightarrow F1\) is injective. Thus in order to separate \(p,q\;{\in }\; F\emptyset ,\) it is enough to separate \((F\iota )(p)\;{\in }\; F(1)\) from \((F\iota )(q)\;{\in }\; F(1)\) which is possible due to the previous case.

Corollary 2

If \(\square \) is monotonic and separating then every difunctional simulation is an \(F\)-congruence.

As a further corollary, we obtain a converse to another result found in [3].

Corollary 3

Let \((\square _{i})_{i\;{\in }\; I}\) be monotonic. Then \((\square _{i})_{i\;{\in }\; I}\) are separating and \(F\) weakly preserves pullbacks if and only if each difunctional simulation is an \(F\)-bisimulation.

Proof

The direction from left to right is from [3]. For the converse, suppose that each difunctional simulation is an \(F\)-bisimulation. Then by monotony each \(F\)-congruence is an \(F\)-bisimulation. This is the same as saying that \(F\) weakly preserves pullbacks. Similarly, every difunctional simulation is an \(F\)-congruence, hence by the above proposition, \((\square _{i})_{i\;{\in }\; I}\) is separating.

6 Conclusion and Further Work

We have given a new definition of coalgebraic simulation, which has the advantage to be amenable to diagrammatic reasoning. We have demonstrated its use with a number of results and related our definition to that of Gorín and Schröder in [3]. In the case where our boxes (respectively predicate liftings) are monotonic, a general assumption in the paper [3], our definition agrees with that of the authors. We have related our simulations to 2-dimensional congruences (so called \(F\)-congruences). We suspect that the set of all \(F\)-congruences between fixed coalgebras \(\mathcal {A}\) and \(\mathcal {B}\) forms a complete lattice with the natural ordering. However we were only able to show it under the additional assumption that there exists a set of separating monotonic boxes \((\square _{i})_{i\;{\in }\; I}\). In that case, \(F\)-congruences are bidirectional simulations and their supremum is given by difunctional closure. We leave it open whether the existence of a separating set \((\square _{i})_{i\;{\in }\; I}\) is needed.